CVE-2025-69246

Medium CVSS: 6.9

Raytha CMS does not have any brute force protection mechanism implemented. It allows an attacker to send multiple automated logon requests without triggering lockout, throttling, or step-up challenges.

This issue was fixed in version 1.4.6.

Vendor

Raytha

Product

Raytha

CWE

CWE-307

Yayın Tarihi

2026-03-16 14:18:02

Güncelleme

2026-03-16 19:21:32

Source Identifier

cvd@cert.pl

KEV Date Added

Kategoriler

CWE-307 Raytha MEDIUM Raytha 2026

Referanslar

https://cert.pl/en/posts/2026/03/CVE-2025-69236 https://raytha.com

Benzer Kayıtlar

Medium

CVE-2025-69239

Raytha CMS is vulnerable to Server-Side Request Forgery in the “Themes - Import from URL” feature. It allows an attacker…

High

CVE-2025-69240

Raytha CMS allows an attacker to spoof `X-Forwarded-Host` or `Host` headers to attacker controlled domain. The attacker…

Medium

CVE-2025-69241

Raytha CMS is vulnerable to Stored XSS via FirstName and LastName parameters in profile editing functionality. Authentic…

Medium

CVE-2025-69242

Raytha CMS is vulnerable to reflected XSS via the backToListUrl parameter. An attacker can craft a malicious URL which,…

Medium

CVE-2025-69243

Raytha CMS is vulnerable to User Enumeration in password reset functionality. Difference in messages could allow an atta…

Medium

CVE-2025-69245

Raytha CMS is vulnerable to Reflected XSS via returnUrl parameter in logon functionality. An attacker can craft a malici…