
Open Redirect CVE-2025-69245

EUVD ID: EUVD-2025-208715 · MEDIUM
Weakness: Cross-site Scripting (XSS) (CWE-79)
Published 2026-03-16 · CNA: CERT-PL
Score: 5.1 · CVSS 4.0 · NVD

Severity by source

NVD PRIMARY
5.1 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

Primary rating from NVD · only source for this CVE.

CVSS Vector (NVD)

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Active (A)

Lifecycle Timeline

Apr 16, 2026 05:29 (EUVD): Patch available, version 1.4.6
Mar 16, 2026 12:00 (EUVD): EUVD ID assigned, EUVD-2025-208715
Mar 16, 2026 12:00 (vuln.today): Analysis generated
Mar 16, 2026 11:54 (NVD): CVE published, rated MEDIUM 5.1

Description (CVE.org)

Raytha CMS is vulnerable to Reflected XSS via returnUrl parameter in logon functionality. An attacker can craft a malicious URL which, when opened by the authenticated victim, results in arbitrary JavaScript execution in the victim’s browser.

This issue was fixed in 1.4.6.

Analysis (AI)

Raytha CMS contains a Reflected Cross-Site Scripting (XSS) vulnerability in the logon functionality's returnUrl parameter that allows attackers to inject arbitrary JavaScript code. When an authenticated victim clicks a malicious URL crafted by an attacker, the injected script executes in the victim's browser with the victim's privileges, potentially enabling session hijacking, credential theft, or unauthorized actions within the CMS. The vulnerability was remediated in version 1.4.6, and while no CVSS score or EPSS data is currently available, the nature of XSS in authentication contexts represents a significant security risk requiring prompt patching.

Technical Context (AI)

This vulnerability is a Reflected XSS flaw classified under CWE-79 (Improper Neutralization of Input During Web Page Generation), a critical web application vulnerability class. The returnUrl parameter in Raytha CMS's logon endpoint fails to properly sanitize or validate user-supplied input before reflecting it back into HTTP responses. Raytha CMS is a content management system platform, and the logon functionality represents a security-critical component where user authentication state is established. The vulnerability exists because the application likely constructs redirect URLs or displays user-controlled data without encoding or filtering special characters (such as angle brackets, quotes, or event handlers) that have meaning in HTML and JavaScript contexts. When an attacker-controlled value in returnUrl is embedded into an HTML response without proper output encoding, the browser interprets embedded JavaScript tags or event handlers as executable code rather than plain text.

Remediation (AI)

Upgrade Raytha CMS to version 1.4.6 or later immediately to remediate this vulnerability. This patch release includes input validation and output encoding fixes for the returnUrl parameter in the logon endpoint. Organizations unable to patch immediately should implement temporary mitigations: enforce strict Content Security Policy (CSP) headers to restrict script execution sources, deploy a Web Application Firewall (WAF) rule to detect and block malicious returnUrl patterns (such as those containing 'javascript:', event handlers, or encoded script tags), restrict user access to the logon endpoint to trusted IP ranges if feasible, and educate users to avoid clicking suspicious links in emails or messages. Additionally, monitor CMS logs for unusual activity in the logon endpoint. Once patching is completed, verify the fix by testing the returnUrl parameter with common XSS payloads to confirm proper encoding.
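The following is an added illustration of the two controls the technical context and remediation sections describe for a logon returnUrl parameter: a "before" renderer that reflects the value verbatim, and a hardened one that first restricts the value to a same-site path and then HTML-attribute-encodes it. It is not Raytha's code; the form markup, function names and sample values are constructed for the example.

```python
import html
from urllib.parse import urlsplit

# Constructed sample values (not taken from the advisory or from Raytha's code).
GOOD_RETURN_URL = "/admin/pages?tab=drafts"
MARKUP_BREAKOUT = '/admin"><b>injected</b>'     # a local path that carries markup
PROTOCOL_RELATIVE = "//attacker.example/logon"  # would leave the site if followed


def is_local_url(url: str) -> bool:
    """Accept only same-site relative paths such as '/admin/pages'.

    Rejects empty values, absolute URLs, protocol-relative '//host', the
    backslash variant '/\\host' (browsers normalise it to '//host'), and
    values containing whitespace or control characters.
    """
    if not url or not url.startswith("/"):
        return False
    if url.startswith("//") or url.startswith("/\\"):
        return False
    if any(ord(c) < 0x21 for c in url):
        return False
    parts = urlsplit(url)
    return not parts.scheme and not parts.netloc


def render_logon_unsafe(return_url: str) -> str:
    """'Before' form: returnUrl is reflected verbatim, so a quote or angle
    bracket in it ends the attribute and becomes live HTML (the CWE-79 pattern)."""
    return (f'<form method="post" action="/logon">'
            f'<input type="hidden" name="returnUrl" value="{return_url}"></form>')


def render_logon_safe(return_url: str) -> str:
    """Hardened form: keep the value only if it is a local path (else fall back
    to '/'), then HTML-attribute-encode it. Both steps are needed: validation
    stops open redirects, encoding stops markup in an otherwise local path."""
    target = return_url if is_local_url(return_url) else "/"
    encoded = html.escape(target, quote=True)
    return (f'<form method="post" action="/logon">'
            f'<input type="hidden" name="returnUrl" value="{encoded}"></form>')


if __name__ == "__main__":
    for sample in (GOOD_RETURN_URL, MARKUP_BREAKOUT, PROTOCOL_RELATIVE):
        print(render_logon_unsafe(sample))
        print(render_logon_safe(sample))
```

Note that MARKUP_BREAKOUT passes the local-path check, which is why output encoding is required even after validation; the CSP and WAF controls above are defence in depth around these two fixes.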



CVE-2025-69245 vulnerability details – vuln.today
