Description
Raytha CMS is vulnerable to Cross-Site Request Forgery across multiple endpoints. Attacker can craft special website, which when visited by the authenticated victim, will automatically send POST request to the endpoint (e. x. deletion of the data) without enforcing token verification. 

This issue was fixed in version 1.4.6.
Published: 2026-03-16
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Authenticated CSRF deletion
Action: Immediate Patch
AI Analysis

Impact

Raytha CMS is vulnerable to Cross‑Site Request Forgery across multiple endpoints. An attacker can host a special website that, when a victim who is already logged into Raytha visits it, automatically sends a POST request to a target endpoint such as one that deletes data. The request bypasses token verification, allowing the attacker to perform privileged actions on behalf of the authenticated user. This vulnerability corresponds to CWE‑352 and directly threatens the integrity of the system by enabling unauthorized data removal.

Affected Systems

The affected product is Raytha CMS (Raytha:Raytha). All versions prior to 1.4.6 are vulnerable, as the issue was fixed in version 1.4.6. No additional version specifics are provided in the source data.

Risk and Exploitability

The CVSS score of 6.9 indicates moderate severity. An EPSS score of less than 1% suggests a low probability of exploitation in the near term. The vulnerability is not listed in the CISA KEV catalog. Exploitation requires a victim to be authenticated and to visit a malicious site, implying a social‑engineering or phishing vector. No additional technical prerequisites are described.

Generated by OpenCVE AI on March 17, 2026 at 14:51 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Raytha CMS to version 1.4.6 or later
  • Verify that CSRF token verification is enabled on relevant endpoints
  • Monitor user accounts for suspicious activity and consider restricting critical actions to users with elevated privileges

Generated by OpenCVE AI on March 17, 2026 at 14:51 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 16 Mar 2026 19:45:00 +0000

Type Values Removed Values Added
First Time appeared Raytha
Raytha raytha
CPEs cpe:2.3:a:raytha:raytha:*:*:*:*:*:*:*:*
Vendors & Products Raytha
Raytha raytha
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N'}

Mon, 16 Mar 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 16 Mar 2026 12:00:00 +0000

Type Values Removed Values Added
Description Raytha CMS is vulnerable to Cross-Site Request Forgery across multiple endpoints. Attacker can craft special website, which when visited by the authenticated victim, will automatically send POST request to the endpoint (e. x. deletion of the data) without enforcing token verification.  This issue was fixed in version 1.4.6.
Title Cross-Site Request Forgery in Raytha CMS
Weaknesses CWE-352
References
Metrics cvssV4_0

{'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N'}

Subscriptions

Raytha Raytha
cve-icon MITRE

Status: PUBLISHED

Assigner: CERT-PL

Published:

Updated: 2026-03-16T13:49:57.010Z

Reserved: 2025-12-30T08:44:21.410Z

Link: CVE-2025-69238

cve-icon Vulnrichment

Updated: 2026-03-16T13:44:04.285Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-16T14:18:00.827

Modified: 2026-03-16T19:31:41.113

Link: CVE-2025-69238

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-30T07:02:39Z

Weaknesses