Main Vulnerability Database Vulnerabilities #VU105805

#VU105805 Permissions, Privileges, and Access Controls in Camaleon CMS - CVE-2025-2304

Published: March 18, 2025 / Updated: February 27, 2026

Vulnerability identifier: #VU105805

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Green

CVE-ID: CVE-2025-2304

CWE-ID: CWE-264

Exploitation vector: Remote access

Exploit availability: Public exploit is available

Vulnerable software:
Camaleon CMS

Software vendor:
Owen Peredo Diaz

Description

The vulnerability allows a remote user to escalate privileges on the system.

The vulnerability exists due to use of the dangerous permit! method, which allows all parameters to pass through without any filtering, leading to security restrictions bypass and privilege escalation.

Remediation

Install updates from vendor's website.

External links

https://github.com/owen2345/camaleon-cms
https://www.tenable.com/security/research/tra-2025-09

#VU105805 Permissions, Privileges, and Access Controls in Camaleon CMS - CVE-2025-2304

Description

Remediation

External links

Please verify you're human