CVE-2025-69243
Last modified
CVE-2025-69243 is a medium-severity vulnerability rated 6.9/10 on the CVSS scale. Raytha CMS is vulnerable to User Enumeration in password reset functionality. Difference in messages could allow an attacker to determine if the login is valid or not, enabling a brute force attack with valid logins. This issue was fixed in version 1.5.0.. EPSS estimates a 0.28% chance of exploitation in the next 30 days.
Description
Raytha CMS is vulnerable to User Enumeration in password reset functionality. Difference in messages could allow an attacker to determine if the login is valid or not, enabling a brute force attack with valid logins. This issue was fixed in version 1.5.0.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Raytha | Raytha | < 1.5.0 |
References
- https://cert.pl/en/posts/2026/03/CVE-2025-69236Third Party Advisory
- https://raytha.comProduct
Timeline
- Published
- Last Modified
- Status
- Analyzed
Frequently Asked Questions
What is CVE-2025-69243?
How severe is CVE-2025-69243?
How do I fix CVE-2025-69243?
Are you affected by CVE-2025-69243?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST