Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD; the only source for this CVE.
CVSS Vector (NVD)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Description (CVE.org)
The "Functions" module in Raytha CMS allows privileged users to write custom code that adds functionality to the application. Due to a lack of sandboxing or access restrictions, JavaScript code executed through Raytha's "Functions" feature can instantiate .NET components and perform arbitrary operations within the application's hosting environment.
This issue was fixed in version 1.4.6.
Analysis (AI)
A code injection vulnerability in the Functions module of Raytha CMS allows privileged users to execute arbitrary .NET operations through unrestricted JavaScript code execution, since no sandbox separates the scripting layer from the host runtime. The vulnerability affects Raytha CMS versions prior to 1.4.6 and enables authenticated administrators to compromise the application's hosting environment. No active exploitation has been reported (not in KEV), no public PoC is available, and EPSS data is not yet available for this recently disclosed vulnerability.
Technical Context (AI)
The vulnerability exists in Raytha CMS, an open-source content management system, specifically within its Functions module, which allows custom JavaScript code to be executed. The root cause is CWE-94 (Improper Control of Generation of Code): user-supplied JavaScript can instantiate .NET components without any sandboxing or access controls. This architectural flaw lets script code escape its intended execution boundary and interact directly with the underlying .NET runtime, enabling arbitrary operations within the application's hosting environment.
Remediation (AI)
Upgrade Raytha CMS to version 1.4.6 or later, which contains the fix for this vulnerability. As a temporary mitigation until patching is possible, restrict access to the Functions module to only the most trusted administrators and add monitoring for any creation or modification of custom functions. Organizations should also review existing custom functions for potentially malicious code and audit administrator account access logs for suspicious activity.
Same weakness: CWE-94 (Code Injection)
EUVD identifier: EUVD-2025-208697