CVE-2025-69243

Medium CVSS: 6.9

Raytha CMS is vulnerable to User Enumeration in password reset functionality. Difference in messages could allow an attacker to determine if the login is valid or not, enabling a brute force attack with valid logins.

This issue was fixed in version 1.5.0.

Vendor

Raytha

Product

Raytha

CWE

CWE-204

Yayın Tarihi

2026-03-16 14:18:01

Güncelleme

2026-03-16 19:26:28

Source Identifier

cvd@cert.pl

KEV Date Added

Kategoriler

CWE-204 Raytha MEDIUM Raytha 2026

Referanslar

https://cert.pl/en/posts/2026/03/CVE-2025-69236 https://raytha.com

Benzer Kayıtlar

Medium

CVE-2025-69246

Raytha CMS does not have any brute force protection mechanism implemented. It allows an attacker to send multiple automa…

Medium

CVE-2025-69239

Raytha CMS is vulnerable to Server-Side Request Forgery in the “Themes - Import from URL” feature. It allows an attacker…

High

CVE-2025-69240

Raytha CMS allows an attacker to spoof `X-Forwarded-Host` or `Host` headers to attacker controlled domain. The attacker…

Medium

CVE-2025-69241

Raytha CMS is vulnerable to Stored XSS via FirstName and LastName parameters in profile editing functionality. Authentic…

Medium

CVE-2025-69242

Raytha CMS is vulnerable to reflected XSS via the backToListUrl parameter. An attacker can craft a malicious URL which,…

Medium

CVE-2025-69245

Raytha CMS is vulnerable to Reflected XSS via returnUrl parameter in logon functionality. An attacker can craft a malici…