Server-Side Request Forgery Vulnerability in Raytha CMS
CVE-2025-69239

5.1 MEDIUM

Key Information:

Vendor: Raytha

Status
Vendor
CVE Published: 16 March 2026

What is CVE-2025-69239?

Raytha CMS has a Server-Side Request Forgery (SSRF) vulnerability in its 'Themes - Import from URL' feature. An attacker with elevated privileges can supply a URL to this feature, redirecting server-side HTTP requests to unauthorized locations. The issue was addressed in version 1.4.6; users should upgrade to that version.

Affected Version(s)

Raytha 0 < 1.4.6

CVSS V4

Score: 5.1
Severity: MEDIUM
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Daniel Basta