CVE-2025-69246

CRITICAL

Lack of bruteforce protection in Raytha CMS

Title source: cna

Description

Raytha CMS does not have any brute force protection mechanism implemented. It allows an attacker to send multiple automated logon requests without triggering lockout, throttling, or step-up challenges. This issue was fixed in version 1.4.6.

References (2)

Core References
Third Party Advisory (third-party-advisory): https://cert.pl/en/posts/2026/03/CVE-2025-69236
Product (product): https://raytha.com

Scores

CVSS v3 9.8
EPSS 0.0038
EPSS Percentile 29.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact partial

Details

CWE
CWE-307
Status published
Products (2)
Raytha/Raytha < 1.4.6
raytha/raytha < 1.4.6
Published Mar 16, 2026
Tracked Since Mar 16, 2026