Cross-Site Request Forgery Vulnerability in Raytha CMS by Raytha
CVE-2025-69238

6.9MEDIUM

Key Information:

Vendor: Raytha
Status: Raytha
Vendor: CVE Published:; 16 March 2026

What is CVE-2025-69238?

Raytha CMS is vulnerable to Cross-Site Request Forgery (CSRF) attacks, affecting multiple endpoints. This vulnerability allows an attacker to craft a malicious website that, when visited by an authenticated user, can automatically send unauthorized POST requests to the application's endpoints, such as those responsible for data deletion. The lack of proper token verification makes it possible for attackers to exploit this vulnerability, potentially compromising user data and application integrity. The issue was addressed in version 1.4.6 of Raytha CMS.

Affected Version(s)

Raytha 0 < 1.4.6

References

https://cert.pl/en/posts/2026/03/CVE-2025-69236

third-party-advisory

https://raytha.com

product

CVSS V4

Score:

6.9

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 16, 2026
Vulnerability Reserved
Dec 30, 2025

Credit

Daniel Basta

CVE-2025-69238 Data

JSON