Description
Raytha CMS is vulnerable to Server-Side Request Forgery in the “Themes - Import from URL” feature. It allows an attacker with high privileges to provide the URL for redirecting server-side HTTP request.

This issue was fixed in version 1.4.6.
Published: 2026-03-16
Score: 5.1 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Server-Side Request Forgery
Action: Apply patch
AI Analysis

Impact

Raytha CMS is vulnerable to Server‑Side Request Forgery (SSRF) through the "Themes – Import from URL" feature, allowing an attacker with high privileges to supply an arbitrary URL that the server will request. This weakness, identified as CWE‑918, can enable access to internal network resources, exfiltration of sensitive data, or further lateral movement, compromising data confidentiality, integrity, and potentially availability of the target system.

Affected Systems

The affected product is Raytha CMS under the vendor Raytha:Raytha. The vulnerability exists in all releases prior to version 1.4.6, as the issue was fixed in that release.

Risk and Exploitability

The CVSS score is 5.1, indicating a moderate severity, while the EPSS score is below 1%, signifying a low likelihood of exploitation. It is not listed in CISA's KEV catalog. Exploitation requires the attacker to have high‑privilege access to the CMS in order to use the import-from‑URL feature. Once accessed, the SSRF can reach any endpoint that the server can contact, including internal services and the Internet.

Generated by OpenCVE AI on March 17, 2026 at 14:51 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the vendor patch to upgrade Raytha CMS to version 1.4.6 or newer.

Generated by OpenCVE AI on March 17, 2026 at 14:51 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 16 Mar 2026 19:45:00 +0000

Type Values Removed Values Added
First Time appeared Raytha
Raytha raytha
CPEs cpe:2.3:a:raytha:raytha:*:*:*:*:*:*:*:*
Vendors & Products Raytha
Raytha raytha
Metrics cvssV3_1

{'score': 2.7, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N'}

Mon, 16 Mar 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 16 Mar 2026 12:00:00 +0000

Type Values Removed Values Added
Description Raytha CMS is vulnerable to Server-Side Request Forgery in the “Themes - Import from URL” feature. It allows an attacker with high privileges to provide the URL for redirecting server-side HTTP request. This issue was fixed in version 1.4.6.
Title Server-Site Request Forgery in Raytha CMS
Weaknesses CWE-918
References
Metrics cvssV4_0

{'score': 5.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L'}

Subscriptions

Raytha Raytha
cve-icon MITRE

Status: PUBLISHED

Assigner: CERT-PL

Published:

Updated: 2026-03-16T13:49:56.870Z

Reserved: 2025-12-30T08:44:21.410Z

Link: CVE-2025-69239

cve-icon Vulnrichment

Updated: 2026-03-16T13:44:01.879Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-16T14:18:01.010

Modified: 2026-03-16T19:31:17.540

Link: CVE-2025-69239

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-30T07:02:38Z

Weaknesses