Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
Lifecycle Timeline
4DescriptionCVE.org
Raytha CMS is vulnerable to User Enumeration in password reset functionality. Difference in messages could allow an attacker to determine if the login is valid or not, enabling a brute force attack with valid logins.
This issue was fixed in version 1.5.0.
AnalysisAI
Raytha CMS contains a user enumeration vulnerability in its password reset functionality where differing error messages reveal whether a login exists in the system, enabling attackers to build valid user lists for targeted brute force attacks. This vulnerability affects Raytha CMS versions prior to 1.5.0. The moderate CVSS score of 6.9 reflects the information disclosure risk, though real-world impact depends on how attackers chain this enumeration with other attacks.
Technical ContextAI
The vulnerability stems from CWE-204 (Observable Discrepancy), a classic information disclosure weakness where an application provides different responses based on whether user input is valid. In Raytha CMS's password reset workflow, the system likely returns distinct error messages such as 'User not found' versus 'Password reset link sent' or similar variants. This allows an attacker to distinguish between valid and invalid usernames without authentication. The root cause is insufficient input validation and inadequate response normalization in the password reset endpoint, failing to follow security best practices that recommend identical responses for both valid and invalid inputs to prevent enumeration attacks.
RemediationAI
Upgrade Raytha CMS to version 1.5.0 or later immediately to resolve the user enumeration issue. Until patching can be completed, implement defensive measures including rate limiting on password reset endpoints (enforce CAPTCHA after 5 failed attempts), implement account lockout policies after multiple failed password reset requests, and enable monitoring and alerting for bulk password reset requests from single IP addresses. Additionally, consider implementing HTTPS-only access and restricting password reset functionality to authenticated sessions or adding email verification delays to reduce enumeration speed.
SQL injection in Raytha CMS 1.5.2 lets a remote, unauthenticated attacker inject arbitrary SQL through the OData filter
A code injection vulnerability in Raytha CMS's Functions module allows privileged users to execute arbitrary .NET operat
A host header injection vulnerability in Raytha CMS allows attackers to hijack password reset tokens by spoofing X-Forwa
Raytha CMS lacks brute force protection mechanisms, allowing attackers to conduct unlimited automated login attempts wit
Raytha CMS contains a Cross-Site Request Forgery (CSRF) vulnerability across multiple endpoints that fails to enforce to
Raytha CMS contains a Stored Cross-Site Scripting (XSS) vulnerability in the profile editing functionality, specifically
Raytha CMS contains a Reflected Cross-Site Scripting (XSS) vulnerability in the logon functionality's returnUrl paramete
Raytha CMS contains a reflected cross-site scripting (XSS) vulnerability in the backToListUrl parameter that allows unau
Raytha CMS contains a Stored Cross-Site Scripting (XSS) vulnerability in the page creation functionality through the Fie
Raytha CMS contains a Stored Cross-Site Scripting (XSS) vulnerability in the post editing functionality, specifically wi
Raytha CMS contains a Server-Side Request Forgery (SSRF) vulnerability in its Theme Import from URL feature that allows
Same weakness CWE-204 – Observable Response Discrepancy
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2025-208713