Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L
Primary rating from NVD · only source for this CVE.
Description (CVE.org)
Raytha CMS is vulnerable to Server-Side Request Forgery in the “Themes - Import from URL” feature. It allows an attacker with high privileges to supply the URL, redirecting the server-side HTTP request.
This issue was fixed in version 1.4.6.
Analysis (AI)
Raytha CMS contains a Server-Side Request Forgery (SSRF) vulnerability in its Theme Import from URL feature that allows authenticated high-privilege users to manipulate server-side HTTP requests to arbitrary destinations. An attacker with administrative or similar elevated privileges can leverage this to redirect the CMS server's outbound requests to internal systems, external resources, or arbitrary URLs, potentially leading to information disclosure or lateral movement attacks. The vulnerability affects versions prior to 1.4.6 and is fixed in version 1.4.6 and later.
Technical Context (AI)
This vulnerability is rooted in CWE-918 (Server-Side Request Forgery), a weakness class in which an application makes HTTP requests to attacker-specified URLs without proper validation or restriction. In Raytha CMS (a content management system), the Theme Import from URL feature accepts user-supplied URLs and fetches remote theme files server-side. The application fails to implement adequate safeguards such as URL allowlisting, hostname validation, DNS rebinding protections, or blocking access to private IP address ranges (RFC 1918, link-local, loopback). When processing theme imports, the server does not restrict the destination of the HTTP request, allowing an attacker to direct requests at internal services (e.g., localhost:8080, 192.168.x.x), cloud metadata endpoints (169.254.169.254), or external malicious servers. The vulnerability requires high privileges (PR:H in CVSS v4.0), meaning the attacker must already hold administrative credentials or equivalent access to the CMS.
Remediation (AI)
Immediately upgrade Raytha CMS to version 1.4.6 or later, which includes patches to validate theme import URLs and prevent SSRF attacks. For organizations unable to patch immediately, implement network-level controls by restricting outbound connections from the CMS server to only approved external repositories and blocking access to private IP ranges (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, 127.0.0.0/8, and 169.254.0.0/16). Additionally, audit and minimize the number of users with administrative privileges, enforce strong authentication (multi-factor authentication), and monitor outbound HTTP requests from the CMS application for suspicious destinations. If theme imports are not essential, disable the Theme Import from URL feature entirely and switch to manual or pre-validated theme uploads.
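The safeguards named in the two sections above (scheme check, host allowlist, resolving the host and rejecting RFC 1918, loopback and link-local answers, pinning the resolved address so a second lookup at fetch time cannot rebind it) as an added Python example for this entry; it is not Raytha's code, and the hostnames and DNS answers are constructed.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed stand-in for DNS so the example runs offline; a real deployment
# would call socket.getaddrinfo. Hypothetical names, not from the advisory.
FAKE_DNS = {
    "themes.example.com": ["93.184.216.34"],
    "rebind.example.net": ["93.184.216.35", "10.0.0.5"],  # mixed answer, one internal record
    "metadata.internal": ["169.254.169.254"],
}

def resolve(host: str, dns=FAKE_DNS) -> list[str]:
    """Return every address for host; an IP literal resolves to itself."""
    try:
        return [str(ipaddress.ip_address(host))]
    except ValueError:
        pass
    if host not in dns:
        raise ValueError(f"unresolvable host {host!r}")
    return dns[host]

def is_internal(ip) -> bool:
    # Unwrap ::ffff:127.0.0.1 so IPv4-mapped IPv6 literals cannot bypass the check
    if ip.version == 6 and ip.ipv4_mapped:
        ip = ip.ipv4_mapped
    # RFC 1918, 127/8, 169.254/16 (cloud metadata), multicast, reserved, 0.0.0.0
    return (ip.is_private or ip.is_loopback or ip.is_link_local
            or ip.is_multicast or ip.is_reserved or ip.is_unspecified)

def validate_import_url(url: str, allowed_hosts=None, dns=FAKE_DNS):
    """Return (host, pinned_ip) for an acceptable theme URL, else raise ValueError.

    The caller must connect to pinned_ip (sending Host: host) and must run this
    check again on every redirect target; otherwise a fresh DNS lookup at fetch
    time (rebinding) or a 302 to 127.0.0.1 defeats the validation.
    """
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        raise ValueError("only http(s) URLs may be imported")
    if parts.username or parts.password:
        raise ValueError("credentials in the URL are not allowed")
    host = parts.hostname
    if not host:
        raise ValueError("URL has no host")
    if allowed_hosts is not None and host not in allowed_hosts:
        raise ValueError(f"host {host!r} is not on the allowlist")
    ips = [ipaddress.ip_address(a) for a in resolve(host, dns)]
    bad = [str(ip) for ip in ips if is_internal(ip)]
    if bad:  # reject the whole host if any record is internal
        raise ValueError(f"{host} resolves to internal address(es): {bad}")
    return host, str(ips[0])
```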
EUVD-2025-208705