Main Vulnerability Database Vulnerabilities #VU105805

Permissions, Privileges, and Access Controls in Camaleon CMS - CVE-2025-2304

Published: March 18, 2025 / Updated: April 30, 2026

Vulnerability identifier: #VU105805

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Green

CVE-ID: CVE-2025-2304

CWE-ID: CWE-264

Exploitation vector: Remote access

Exploit availability: Public exploit is available

Vendor: Owen Peredo Diaz

Affected software:
Camaleon CMS

Detailed vulnerability description

The vulnerability allows a remote user to escalate privileges on the system.

The vulnerability exists due to use of the dangerous permit! method, which allows all parameters to pass through without any filtering, leading to security restrictions bypass and privilege escalation.

How to mitigate CVE-2025-2304

Install updates from vendor's website.

Sources

https://github.com/owen2345/camaleon-cms
https://www.tenable.com/security/research/tra-2025-09

Permissions, Privileges, and Access Controls in Camaleon CMS - CVE-2025-2304

Detailed vulnerability description

How to mitigate CVE-2025-2304

Sources

Please verify you're human