CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
Description
Raytha CMS is vulnerable to Cross-Site Request Forgery across multiple endpoints. An attacker can craft a special website which, when visited by the authenticated victim, will automatically send a POST request to an endpoint (e.g. deletion of data) without token verification being enforced. This issue was fixed in version 1.4.6.
Analysis
Raytha CMS contains a Cross-Site Request Forgery (CSRF) vulnerability: multiple endpoints accept state-changing POST requests without verifying an anti-forgery token. An attacker who lures an authenticated user to a web page they control can have that page submit a request (for example, a deletion) to the victim's Raytha CMS instance; the victim's browser attaches the session cookie, and the application carries out the action with no prompt or confirmation shown to the user. The vulnerability affects Raytha CMS versions prior to 1.4.6 and carries a CVSS 4.0 base score of 6.9 (Medium). The attacker needs no account of their own; exploitation requires only that a logged-in user open the attacker's page.
Technical Context
The vulnerability stems from missing CSRF protection in Raytha CMS and is classified as CWE-352 (Cross-Site Request Forgery). A browser attaches the application's session cookie to every request it sends to that application, including a form that an attacker's page submits automatically, so a server that authenticates a POST by the session cookie alone cannot distinguish a forged request from a genuine one. Web applications normally close this gap with a synchronizer token (an unpredictable per-session value embedded in each form and rejected when missing or mismatched; a cross-origin page cannot read it) and, as defense in depth, a SameSite attribute on the session cookie so that the browser withholds the cookie on cross-site requests. Raytha CMS omitted token verification on sensitive endpoints, so an unauthenticated attacker can ride an authenticated victim's session. The CVSS vector (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N) reads as follows: reachable over the network with low attack complexity and no special preconditions (AV:N/AC:L/AT:N), no privileges required of the attacker (PR:N), active user interaction required (UI:A, the victim must open the attacker's page), high integrity impact on the vulnerable system (VI:H, data can be modified or deleted), and no confidentiality or availability impact (VC:N/VA:N). Raytha CMS prior to version 1.4.6 is affected.
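The two handler shapes described above, as an added example that is not Raytha's code (Raytha's real endpoints, session handling and framework are not shown on this page): a state-changing POST handler that trusts the session cookie alone, beside the same handler with synchronizer-token verification and a Sec-Fetch-Site/Origin check in front of it. The endpoint, the in-memory session store, the content store, the origin and the request shape are hypothetical stand-ins; the forged request models what a victim's browser sends when an attacker's page auto-submits a form.

```python
"""Vulnerable vs. hardened state-changing POST handler (added example,
not Raytha code). The endpoint, session store and request shape are
hypothetical; the defences are the standard synchronizer token plus a
Sec-Fetch-Site / Origin check."""
import hmac
import secrets
from dataclasses import dataclass, field

APP_ORIGIN = "https://cms.example.com"  # assumed deployment origin

# Constructed session store: session cookie value -> per-session state.
# The CSRF token is issued once per session and embedded in every form.
SESSIONS = {
    "sess-victim": {"user": "admin", "csrf_token": secrets.token_urlsafe(32)},
}


@dataclass
class Request:
    cookies: dict = field(default_factory=dict)
    form: dict = field(default_factory=dict)
    headers: dict = field(default_factory=dict)


def _session_for(req):
    return SESSIONS.get(req.cookies.get("session"))


def delete_item_vulnerable(req, items):
    """Before the fix: a valid session cookie is the only check. The
    browser attaches that cookie to a cross-site form POST too, so an
    attacker's page can trigger the deletion."""
    if _session_for(req) is None:
        return 401
    items.discard(req.form.get("id"))
    return 200


def delete_item_hardened(req, items):
    """After the fix: the same handler with anti-forgery checks in front."""
    sess = _session_for(req)
    if sess is None:
        return 401
    # 1. Synchronizer token: must equal the token issued for this session.
    #    A cross-origin page cannot read it, so a forged request lacks it.
    if not hmac.compare_digest(req.form.get("csrf_token", ""), sess["csrf_token"]):
        return 403
    # 2. Defence in depth: modern browsers label cross-site requests via
    #    Sec-Fetch-Site; reject when present and not same-origin/same-site.
    if req.headers.get("Sec-Fetch-Site") not in (None, "same-origin", "same-site", "none"):
        return 403
    # 3. If the browser sent an Origin header, it must be ours.
    origin = req.headers.get("Origin")
    if origin is not None and origin != APP_ORIGIN:
        return 403
    items.discard(req.form.get("id"))
    return 200


def legitimate_request(item_id):
    """Form submitted from a page the CMS itself served: token included."""
    return Request(
        cookies={"session": "sess-victim"},
        form={"id": item_id, "csrf_token": SESSIONS["sess-victim"]["csrf_token"]},
        headers={"Origin": APP_ORIGIN, "Sec-Fetch-Site": "same-origin"},
    )


def forged_request(item_id):
    """What the victim's browser sends when an attacker's page auto-submits
    a form: the session cookie rides along (no SameSite restriction), the
    token does not, and the browser labels the request cross-site."""
    return Request(
        cookies={"session": "sess-victim"},
        form={"id": item_id},
        headers={"Origin": "https://attacker.example", "Sec-Fetch-Site": "cross-site"},
    )


def run_demo():
    """Exercise both handlers on separate copies of a constructed content store."""
    vuln_items = {"article-42", "article-43"}
    hard_items = {"article-42", "article-43"}
    return {
        "vuln_forged": delete_item_vulnerable(forged_request("article-42"), vuln_items),
        "vuln_items_left": sorted(vuln_items),
        "hard_forged": delete_item_hardened(forged_request("article-42"), hard_items),
        "hard_legit": delete_item_hardened(legitimate_request("article-43"), hard_items),
        "hard_items_left": sorted(hard_items),
    }


if __name__ == "__main__":
    print(run_demo())
```

The forged request carries the victim's session cookie but not the token, because the token lives in a page served by the CMS and the same-origin policy keeps the attacker's page from reading it; that is the whole reason the token check works. The Sec-Fetch-Site and Origin checks are secondary: they only apply when the browser sends those headers, so the handler treats their absence as neutral and relies on the token.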
Affected Products
Raytha CMS versions prior to 1.4.6 are affected; 1.4.6 is the first fixed release, as stated in the vendor advisory that identified the issue. Every installation running an earlier version should be treated as vulnerable. Check the version of each instance and schedule the upgrade.
Remediation
Upgrade Raytha CMS to version 1.4.6 or later, which adds the missing anti-forgery token verification; this is the only complete remediation. Until the upgrade is done, reduce exposure: restrict the administrative interface to trusted networks (IP allowlisting or VPN), set the session cookie to SameSite=Strict (or at least Lax) if the deployment allows it so that browsers do not attach it to cross-site POSTs, and tell administrators not to browse untrusted sites while logged in to Raytha CMS. HTTPS with HSTS is good hygiene but does not prevent CSRF: the forged request is sent by the victim's own browser over the same TLS connection a legitimate request would use. SameSite is not a substitute for the token either; browsers that treat cookies without the attribute as Lax already drop the cookie on cross-site POSTs, but that behaviour is not universal, and a page on a sibling subdomain counts as same-site. After upgrading, confirm that the running version is 1.4.6 or higher, then verify the fix directly: with a valid session cookie, submit a POST to a state-changing endpoint without the anti-forgery token and confirm it is rejected. Finally, review application logs for POSTs to state-changing endpoints from before the upgrade whose Referer or Origin is absent or belongs to another site and that returned a success or redirect status; these may be forged requests that were acted on.
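The log review step above, as an added example and not a tool from this page or from Raytha: a small Python scan over constructed access-log lines that flags POSTs to state-changing paths whose Referer is empty or belongs to another host, and separates those the server acted on (success or redirect status, the pre-fix outcome) from those it rejected. The host name, the /delete, /edit, /create route convention, the Combined Log Format and the 400 rejection status are assumptions, not details taken from Raytha.

```python
"""Post-upgrade log review for likely forged state-changing POSTs (added
example, not a Raytha tool). Log lines are constructed in Combined Log
Format; the host and the /delete|/edit|/create path convention are
assumed, not Raytha's real routes."""
import re
from urllib.parse import urlsplit

APP_HOST = "cms.example.com"  # assumed deployment host

# Combined Log Format: ip ident user [ts] "METHOD path proto" status bytes "referer" "ua"
LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)
# Assumed convention for state-changing routes.
STATE_CHANGING = re.compile(r"/(delete|edit|create)(/|$)")

# Constructed sample: one legitimate delete, two forged deletes that were
# acted on (302 redirect after the change), and one forged delete that the
# upgraded instance rejected (400). Attacker host and paths are invented.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Jun/2025:14:02:11 +0000] "GET /raytha/content-items HTTP/1.1" 200 5120 "https://cms.example.com/raytha" "Mozilla/5.0"
203.0.113.5 - - [10/Jun/2025:14:02:40 +0000] "POST /raytha/content-items/delete/42 HTTP/1.1" 302 0 "https://cms.example.com/raytha/content-items" "Mozilla/5.0"
203.0.113.5 - - [10/Jun/2025:14:05:03 +0000] "POST /raytha/content-items/delete/43 HTTP/1.1" 302 0 "https://attacker.example/free-stuff" "Mozilla/5.0"
203.0.113.5 - - [10/Jun/2025:14:05:04 +0000] "POST /raytha/users/delete/7 HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Jun/2025:15:30:00 +0000] "POST /raytha/users/delete/8 HTTP/1.1" 400 0 "https://attacker.example/free-stuff" "Mozilla/5.0"
"""


def parse(line):
    """Return the fields of one log line as a dict, or None if it does not parse."""
    m = LINE.match(line)
    return m.groupdict() if m else None


def is_suspicious(rec):
    """True for a state-changing POST whose Referer is absent or not our host."""
    if rec["method"] != "POST" or not STATE_CHANGING.search(rec["path"]):
        return False
    ref = rec["referer"]
    if ref in ("", "-"):
        return True  # no Referer: cannot attribute the request to our own UI
    return urlsplit(ref).hostname != APP_HOST


def review(log_text):
    """Return (path, status, referer) for every suspicious request, in log order."""
    hits = []
    for line in log_text.splitlines():
        rec = parse(line)
        if rec and is_suspicious(rec):
            hits.append((rec["path"], int(rec["status"]), rec["referer"]))
    return hits


def accepted_forgeries(log_text):
    """Suspicious requests the server acted on (2xx/3xx); these need follow-up.
    A 4xx on the same pattern is the anti-forgery check doing its job."""
    return [h for h in review(log_text) if 200 <= h[1] < 400]


if __name__ == "__main__":
    for path, status, referer in review(SAMPLE_LOG):
        print(f"{status} {path} referer={referer!r}")
    print("acted on:", len(accepted_forgeries(SAMPLE_LOG)))
```

The Referer check is a heuristic: a no-referrer Referrer-Policy on the attacker's page, privacy extensions, or an administrator opening a bookmarked URL can all produce a missing Referer, so hits are leads to confirm against the content change history, not proof of an attack. If the reverse proxy can log the Origin and Sec-Fetch-Site request headers, prefer those; browsers set Sec-Fetch-Site: cross-site on exactly the requests this attack relies on.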
EUVD-2025-208703