Miggo Logo
Miggo Vulnerability Database
CVE-2025-2304

CVE-2025-2304:
Camaleon CMS Vulnerable to Privilege Escalation through a Mass Assignment

9.4

CVSS Score
4.0

Basic Information

CVE ID
CVE-2025-2304
GHSA ID
GHSA-rp28-mvq3-wf8j
EPSS Score
0.23351%
CWE
CWE-915
Published
3/14/2025
Updated
3/17/2025
KEV Status
No
Technology
TechnologyRuby

Technical Details

CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Package NameEcosystemVulnerable VersionsFirst Patched Version
camaleon_cmsrubygems< 2.9.12.9.1

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The vulnerability stems from the insecure use of permit! in the updated_ajax method, as shown in the pre-patch code diff. This method allowed mass assignment of any parameters under :password, including unauthorized attributes. The GitHub patch explicitly replaces permit! with a restricted permit(%i[password password_confirmation]) and adds parameter validation, confirming this was the vulnerable entry point. The CWE-915 mapping and advisory descriptions directly reference this insecure parameter handling pattern.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

* Privil*** *s**l*tion t*rou** * M*ss *ssi*nm*nt *xists in **m*l*on *MS W**n * us*r wis**s to ***n** *is p*sswor*, t** 'up**t**_*j*x' m*t*o* o* t** Us*rs*ontroll*r is **ll**. T** vuln*r**ility st*ms *rom t** us* o* t** **n**rous p*rmit! m*t*o*, w*i*

Reasoning

T** vuln*r**ility st*ms *rom t** ins**ur* us* o* p*rmit! in t** up**t**_*j*x m*t*o*, *s s*own in t** pr*-p*t** *o** *i**. T*is m*t*o* *llow** m*ss *ssi*nm*nt o* *ny p*r*m*t*rs un**r :p*sswor*, in*lu*in* un*ut*oriz** *ttri*ut*s. T** *it*u* p*t** *xpli