JavaScript Execution Vulnerability in Raytha CMS due to Inadequate Access Controls
CVE-2025-15540

8.6 HIGH

Key Information:

Vendor: Raytha

Status
Vendor
CVE Published: 16 March 2026

What is CVE-2025-15540?

The 'Functions' module in Raytha CMS lets privileged users execute custom code. Without proper sandboxing or access restrictions, this feature can allow attackers to run arbitrary JavaScript and instantiate .NET components, enabling unauthorized operations within the hosting environment. Users should update to version 1.4.6 to mitigate this risk.

Affected Version(s)

Raytha 0 < 1.4.6

CVSS V4

Score: 8.6
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Daniel Basta