## https://sploitus.com/exploit?id=663AF191-BC2E-517A-99B4-0D115B8E4242
# CVE-2025-2304-POC

PoC for CVE-2025-2304: Camaleon CMS 2.9.0 privilege escalation via mass assignment on the password change endpoint.

## Vulnerability

The `/admin/users/:id/updated_ajax` endpoint passes the submitted parameters to the model update without filtering out `role`, so any authenticated user can include `role` alongside the password fields and escalate their own account to administrator.
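The following is an added, stand-alone Ruby illustration of the mass-assignment pattern described above; it is not Camaleon CMS code and does not reproduce its controller. The `User` model, the parameter names and the role values (`client`, `admin`) are assumptions chosen for the example. It shows the vulnerable update path beside a hardened allow-list, the same effect Rails strong parameters (`params.require(...).permit(...)`) achieve:

```ruby
# Added example (not Camaleon CMS code): models the mass-assignment bug.
# Assumptions: a User with a writable role attribute, and a password
# change request that can carry an extra "role" key.

class User
  ROLES = %w[client editor admin].freeze
  attr_accessor :username, :password, :password_confirmation, :role

  def initialize(username:, password:, role: "client")
    @username, @password, @role = username, password, role
  end

  # Mimics ActiveRecord's update(attrs): every key with a setter is written.
  # Keys without a setter are ignored here (real ActiveRecord would raise).
  def update(attrs)
    attrs.each do |key, value|
      setter = "#{key}="
      public_send(setter, value) if respond_to?(setter)
    end
    self
  end
end

# Vulnerable pattern: the request hash goes straight into update, so a
# smuggled "role" key is honored along with the password fields.
def vulnerable_change_password(user, params)
  user.update(params)
end

# Hardened pattern: only the fields the endpoint is meant to change are
# passed on; everything else, including "role", is dropped.
PERMITTED = %w[password password_confirmation].freeze

def hardened_change_password(user, params)
  permitted = params.select { |key, _| PERMITTED.include?(key.to_s) }
  user.update(permitted)
end

# Constructed request body (not captured traffic): a low-privileged user
# changes their password and adds a role change to the same request.
MALICIOUS_PARAMS = {
  "password" => "newpass1",
  "password_confirmation" => "newpass1",
  "role" => "admin",
}.freeze

# Returns [role before, role after vulnerable path, role after hardened path]
# so the two behaviours can be compared side by side.
def demo
  bob = User.new(username: "bob", password: "bob123")
  before = bob.role
  vulnerable_change_password(bob, MALICIOUS_PARAMS.dup)

  alice = User.new(username: "alice", password: "alice123")
  hardened_change_password(alice, MALICIOUS_PARAMS.dup)

  [before, bob.role, alice.role]
end

# Confirms the hardened path still performs the legitimate password change.
def hardened_password_changed?
  alice = User.new(username: "alice", password: "alice123")
  hardened_change_password(alice, MALICIOUS_PARAMS.dup)
  alice.password == "newpass1"
end

p demo if __FILE__ == $PROGRAM_NAME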

## Usage

```bash
python3 CVE-2025-2304-POC.py -u http://target.htb --username bob --password bob123 --user-id 5
```

## Options

| Flag | Description |
|------|-------------|
| `-u` | Target base URL |
| `--username` | Low-privileged username |
| `--password` | Current password |
| `--new-password` | New password after change (optional, defaults to current) |
| `--user-id` | Target user ID |

## Requirements

```bash
pip install requests
```

## Tested On

- Camaleon CMS 2.9.0

## References

- https://vulners.com/cve/CVE-2025-2304