Description
"Functions" module in Raytha CMS allows privileged users to write custom code to add functionality to application. Due to a lack of sandboxing or access restrictions, JavaScript code executed through Raytha’s “functions” feature can instantiate .NET components and perform arbitrary operations within the application’s hosting environment.

This issue was fixed in version 1.4.6.
Published: 2026-03-16
Score: 8.6 High
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Immediate Patch
AI Analysis

Impact

Functions module in Raytha CMS allows privileged users to write custom JavaScript code. Because the system lacks sandboxing or access restrictions, the code executed can instantiate .NET components and perform arbitrary operations within the application’s hosting environment, leading to remote code execution and full control over the server.

Affected Systems

Affected vendor: Raytha (product: Raytha). All released versions prior to 1.4.6 contain the flaw; the issue was fixed in version 1.4.6.

Risk and Exploitability

The CVSS score of 8.6 classifies this as high severity. The EPSS score is below 1 % indicating a low probability of exploitation in the wild, and it is not listed in CISA’s KEV catalog. However, because the vulnerability requires authentication as a privileged user, an attacker who gains such access can exploit the flaw with the described attack path. The lack of sandboxing makes the impact significant, providing full control over the hosting environment.

Generated by OpenCVE AI on March 17, 2026 at 16:49 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Raytha to version 1.4.6 or later.
  • If immediate upgrade is not possible, limit privileged user access and monitor for suspicious script execution.
  • Verify deployment and monitor logs for unauthorized code execution.

Generated by OpenCVE AI on March 17, 2026 at 16:49 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 17 Mar 2026 14:30:00 +0000

Type Values Removed Values Added
First Time appeared Raytha
Raytha raytha
CPEs cpe:2.3:a:raytha:raytha:*:*:*:*:*:*:*:*
Vendors & Products Raytha
Raytha raytha
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

Mon, 16 Mar 2026 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Mon, 16 Mar 2026 12:00:00 +0000

Type Values Removed Values Added
Description "Functions" module in Raytha CMS allows privileged users to write custom code to add functionality to application. Due to a lack of sandboxing or access restrictions, JavaScript code executed through Raytha’s “functions” feature can instantiate .NET components and perform arbitrary operations within the application’s hosting environment. This issue was fixed in version 1.4.6.
Title Authenticated RCE in Raytha CMS
Weaknesses CWE-94
References
Metrics cvssV4_0

{'score': 8.6, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L'}

Subscriptions

Raytha Raytha
cve-icon MITRE

Status: PUBLISHED

Assigner: CERT-PL

Published:

Updated: 2026-03-16T14:20:16.168Z

Reserved: 2026-01-19T12:32:08.960Z

Link: CVE-2025-15540

cve-icon Vulnrichment

Updated: 2026-03-16T14:16:57.083Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-16T14:17:55.953

Modified: 2026-03-17T14:24:04.947

Link: CVE-2025-15540

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-30T07:02:42Z

Weaknesses