
Raytha CVE-2025-69239

EUVD-2025-208705 · MEDIUM
Server-Side Request Forgery (SSRF) (CWE-918)
2026-03-16 · CERT-PL
5.1 (CVSS 4.0 · NVD)

Severity by source

NVD (primary): 5.1 MEDIUM

Primary rating from NVD · only source for this CVE.

CVSS Vector (NVD)

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None

Lifecycle Timeline

Patch available: Apr 16, 2026 - 05:29 (EUVD) · fixed version 1.4.6
EUVD ID Assigned: Mar 16, 2026 - 12:00 (euvd) · EUVD-2025-208705
Analysis Generated: Mar 16, 2026 - 12:00 (vuln.today)
CVE Published: Mar 16, 2026 - 11:53 (nvd) · MEDIUM 5.1

Description (CVE.org)

Raytha CMS is vulnerable to Server-Side Request Forgery in the “Themes - Import from URL” feature. It allows an attacker with high privileges to supply the URL to which the server-side HTTP request is directed.

This issue was fixed in version 1.4.6.

Analysis (AI)

Raytha CMS contains a Server-Side Request Forgery (SSRF) vulnerability in its Theme Import from URL feature that allows authenticated high-privilege users to manipulate server-side HTTP requests to arbitrary destinations. An attacker with administrative or similar elevated privileges can leverage this to redirect the CMS server's outbound requests to internal systems, external resources, or arbitrary URLs, potentially leading to information disclosure or lateral movement attacks. The vulnerability affects versions prior to 1.4.6 and is fixed in version 1.4.6 and later.

Technical Context (AI)

This vulnerability is rooted in CWE-918 (Server-Side Request Forgery), a weakness class in which an application makes HTTP requests to attacker-specified URLs without proper validation or restriction. In Raytha CMS (a content management system), the Theme Import from URL feature accepts a user-supplied URL and fetches the remote theme files server-side. The application fails to implement adequate safeguards such as URL allowlisting, hostname validation, DNS rebinding protections, or blocking access to private IP address ranges (RFC 1918, link-local, loopback). When processing theme imports, the server does not restrict the destination of the HTTP request, so an attacker can direct it at internal services (e.g., localhost:8080, 192.168.x.x), cloud metadata endpoints (169.254.169.254), or external malicious servers. The vulnerability requires high privileges (PR:H in CVSS v4.0), meaning the attacker must already hold administrative credentials or equivalent access to the CMS.

Remediation (AI)

Immediately upgrade Raytha CMS to version 1.4.6 or later, which includes patches to validate theme import URLs and prevent SSRF attacks. For organizations unable to patch immediately, implement network-level controls by restricting outbound connections from the CMS server to only approved external repositories and blocking access to private IP ranges (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, 127.0.0.0/8, and 169.254.0.0/16). Additionally, audit and minimize the number of users with administrative privileges, enforce strong authentication (multi-factor authentication), and monitor outbound HTTP requests from the CMS application for suspicious destinations. If theme imports are not essential, disable the Theme Import from URL feature entirely and switch to manual or pre-validated theme uploads.
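The destination check that the Technical Context and Remediation sections call for (scheme allowlist, resolving the hostname, refusing loopback, RFC 1918, link-local including 169.254.169.254, and pinning the resolved address against DNS rebinding), written here as an added Python illustration. It is not Raytha's code (Raytha is a .NET project) and the hostnames and addresses in SAMPLE_DNS are constructed so the example runs offline.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}

# Constructed DNS table so the example runs offline (real default is the OS resolver).
SAMPLE_DNS = {
    "themes.example.com": ["93.184.216.34"],
    "localhost": ["127.0.0.1", "::1"],
    "rebind.example.net": ["93.184.216.34", "10.0.0.5"],  # mixed public/internal answer
}


def system_resolver(host):
    """All addresses (A and AAAA) the OS resolver returns for host."""
    return {info[4][0] for info in socket.getaddrinfo(host, None)}


def sample_resolver(host):
    if host not in SAMPLE_DNS:
        raise OSError("constructed resolver: unknown host")
    return SAMPLE_DNS[host]


def is_public_address(ip):
    """False for loopback, RFC 1918, link-local (169.254.0.0/16 incl. the metadata
    endpoint), CGNAT, reserved and multicast; IPv4-mapped IPv6 is unwrapped first."""
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return ip.is_global and not ip.is_multicast


def pin_fetch_target(url, resolver=system_resolver):
    """Validate a URL before the server fetches it: returns (hostname, [public IPs])
    or None to refuse. The caller must connect to one of the returned IPs and set
    the Host header itself, so a second DNS lookup cannot be rebound internally."""
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES or not parts.hostname:
        return None          # file://, gopher://, ftp:// and friends are never fetched
    if parts.username is not None or parts.password is not None:
        return None          # user@host forms are a classic parser confusion
    try:
        addrs = {str(ipaddress.ip_address(parts.hostname))}   # literal IP, no DNS
    except ValueError:
        try:
            addrs = set(resolver(parts.hostname))
        except OSError:
            return None
    ips = [ipaddress.ip_address(a) for a in addrs]
    # Every answer must be public; a single internal address fails the whole URL.
    if not ips or not all(is_public_address(ip) for ip in ips):
        return None
    return parts.hostname, sorted(str(ip) for ip in ips)
```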


CVE-2025-69239 vulnerability details – vuln.today
