← voltar
CVE-2025-15540

Authenticated RCE in Raytha CMS

CVSS 8.6 HIGHEPSS 0.5%CWE-94
Vexday Risk Score
21Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 8.6EPSS 0.5%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
16 mar 2026Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
"Functions" module in Raytha CMS allows privileged users to write custom code to add functionality to application. Due to a lack of sandboxing or access restrictions, JavaScript code executed through Raytha’s “functions” feature can instantiate .NET components and perform arbitrary operations within the application’s hosting environment. This issue was fixed in version 1.4.6.
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L
Produtos afetados
Raytha · Raytha

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://cert.pl/en/posts/2026/03/CVE-2025-69236https://raytha.com