CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
Description
Raytha CMS is vulnerable to user enumeration in its password reset functionality. A difference in response messages could allow an attacker to determine whether a login is valid, enabling a brute force attack using the valid logins. This issue was fixed in version 1.5.0.
Analysis
Raytha CMS contains a user enumeration vulnerability in its password reset functionality: differing error messages reveal whether a login exists in the system, allowing attackers to build lists of valid users for targeted brute force attacks. This vulnerability affects Raytha CMS versions prior to 1.5.0. The moderate CVSS score of 6.9 reflects the information disclosure risk, though real-world impact depends on how attackers chain this enumeration with other attacks.
Technical Context
The vulnerability stems from CWE-204 (Observable Discrepancy), a classic information disclosure weakness in which an application returns different responses depending on whether user input is valid. In Raytha CMS's password reset workflow, the system likely returns distinct messages such as 'User not found' versus 'Password reset link sent', or similar variants. This allows an attacker to distinguish valid from invalid usernames without authentication. The root cause is insufficient input validation and inadequate response normalization in the password reset endpoint, which fails to follow the security best practice of returning identical responses for both valid and invalid inputs to prevent enumeration.
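The observable discrepancy described above, alongside the normalized response the fix requires, as an added illustration that is not Raytha's own code; the user store, addresses and message strings are constructed placeholders, and the `responses_are_uniform` check is a regression test a defender can keep in a test suite:

```python
"""Added example: password-reset handlers showing CWE-204 and its fix.

Sample data is constructed; nothing here is Raytha's own code.
"""
import hashlib
import secrets

# Constructed user store with placeholder addresses.
USERS = {"alice@example.com": {"id": 1}, "bob@example.com": {"id": 2}}
SENT_MAIL: list[str] = []          # stand-in for the outbound mail queue
GENERIC_MESSAGE = "If an account exists for that address, a reset link has been sent."


def issue_token() -> str:
    """Generate a reset token and return the hash a real app would store."""
    token = secrets.token_urlsafe(32)
    return hashlib.sha256(token.encode()).hexdigest()


def send_reset_email(login: str, token_hash: str) -> None:
    """Stand-in for mail delivery: just record who was mailed."""
    SENT_MAIL.append(login)


def vulnerable_reset(login: str, users=USERS) -> tuple[int, str]:
    """'Before' behaviour: status and message differ by whether the login exists."""
    if login not in users:
        return 404, "User not found"
    send_reset_email(login, issue_token())
    return 200, "Password reset link sent"


def hardened_reset(login: str, users=USERS) -> tuple[int, str]:
    """Fixed behaviour: same status, same body, same work for every input."""
    token_hash = issue_token()          # done unconditionally so timing stays flat
    if login in users:
        send_reset_email(login, token_hash)   # the only thing that may differ
    return 200, GENERIC_MESSAGE


def responses_are_uniform(handler, known: str, unknown: str) -> bool:
    """Regression check: a valid and an invalid login must produce an identical reply."""
    return handler(known) == handler(unknown)


if __name__ == "__main__":
    for name, handler in (("vulnerable", vulnerable_reset), ("hardened", hardened_reset)):
        ok = responses_are_uniform(handler, "alice@example.com", "nobody@example.com")
        print(f"{name}: uniform responses = {ok}")
```

The side effect (sending mail) still happens only for real accounts; what must not differ is anything the requester can observe, including the status code, the body and the amount of work done.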
Affected Products
Raytha CMS versions prior to 1.5.0 are affected by this user enumeration vulnerability. The vendor released version 1.5.0 as a fix, indicating that all deployments running earlier versions require immediate patching. Organizations should consult the official Raytha CMS GitHub repository and security advisories for confirmation of affected versions and to obtain the patched release.
Remediation
Upgrade Raytha CMS to version 1.5.0 or later immediately to resolve the user enumeration issue. Until patching can be completed, implement defensive measures including rate limiting on password reset endpoints (enforce CAPTCHA after 5 failed attempts), account lockout policies after multiple failed password reset requests, and monitoring and alerting for bulk password reset requests from single IP addresses. Additionally, consider enforcing HTTPS-only access and restricting password reset functionality to authenticated sessions, or adding email verification delays to reduce enumeration speed.
EUVD-2025-208713