PT-2025-11259 · Unknown · Camaleon Cms

Published: 2025-03-14 · Updated: 2026-05-07 · CVE-2025-2304

CVSS v4.0: 9.4 (Critical)
Vector: AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
Name of the Vulnerable Software and Affected Versions: Camaleon CMS (affected versions not specified)
Description: Privilege escalation is possible through mass assignment, a condition in which an application takes user-provided data and binds it to an internal object without proper filtering. It occurs when the updated ajax() function of the UsersController is called during a password change request. The root cause is the use of the permit! method, which lets every submitted parameter through without validation, so fields that the user should not control can be written alongside the password.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
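To make the difference between `permit!` and an explicit allow-list concrete, the following is an added example written for this advisory; it is not Camaleon CMS code and does not reproduce the project's UsersController. It models the Rails pattern in plain Ruby (no Rails dependency): a hypothetical User record, a function that binds every submitted key the way `params.permit!` does, and a hardened variant that keeps only the keys a password change legitimately needs, returning the rejected keys so they can be logged or alerted on. The request body, the attribute names and the allow-list are all constructed for illustration.

```ruby
# Added example (not Camaleon CMS code): a minimal model of the mass-assignment
# pattern described in the advisory. User, the allow-list and the request body
# are hypothetical and constructed for illustration only.

# A hypothetical user record with an attribute an end user must never set.
User = Struct.new(:name, :role, :password, keyword_init: true)

# Attributes a self-service password change is allowed to touch; stands in for
# params.require(:user).permit(:password, :password_confirmation) in Rails.
PASSWORD_CHANGE_ALLOWED = %w[password password_confirmation].freeze

# Models the effect of `params.permit!`: every submitted key is trusted and
# bound to the record, so a request can also rewrite :role.
def update_with_permit_all(user, params)
  params.each do |key, value|
    setter = "#{key}="
    user.public_send(setter, value) if user.respond_to?(setter)
  end
  user
end

# Models an explicit allow-list: only permitted keys reach the record; every
# other key is dropped and reported so the controller can log or alert on it.
def update_with_allow_list(user, params, allowed = PASSWORD_CHANGE_ALLOWED)
  rejected = params.keys.map(&:to_s) - allowed
  params.each do |key, value|
    next unless allowed.include?(key.to_s)
    setter = "#{key}="
    user.public_send(setter, value) if user.respond_to?(setter)
  end
  [user, rejected]
end

# Constructed request body: a password change that also carries a role key.
CONSTRUCTED_REQUEST = {
  "password" => "new-secret",
  "password_confirmation" => "new-secret",
  "role" => "admin"
}.freeze

# Runs both update paths against the same starting record and returns the
# observable outcome: which role each path leaves behind and what was rejected.
def demo
  before = User.new(name: "alice", role: "editor", password: "old")
  unsafe = update_with_permit_all(before.dup, CONSTRUCTED_REQUEST)
  safe, rejected = update_with_allow_list(before.dup, CONSTRUCTED_REQUEST)
  { unsafe_role: unsafe.role, safe_role: safe.role, rejected: rejected }
end

puts demo.inspect if __FILE__ == $PROGRAM_NAME
```

Running the file prints the role left by each path: the `permit!`-style update ends with role "admin", the allow-listed update keeps "editor" and reports `["role"]` as rejected. In a real Rails controller the equivalent fix is to replace `params.permit!` with `params.require(:user).permit(...)` naming only the password fields, and to treat unexpected keys in a password-change request as a signal worth logging.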

Exploit: LPE

Weakness Enumeration

Related Identifiers

CVE-2025-2304
GHSA-RP28-MVQ3-WF8J

Affected Products

Camaleon Cms