User Enumeration Vulnerability in Raytha CMS by Raytha
CVE-2025-69243

6.9MEDIUM

Key Information:

Vendor: Raytha
Status: Raytha
Vendor: CVE Published:; 16 March 2026

What is CVE-2025-69243?

Raytha CMS contains a user enumeration vulnerability in its password reset functionality. This flaw allows attackers to discern whether an account exists based on the differential messages returned during the password reset process. Such information can facilitate brute-force attacks, as an attacker may use valid credentials knowing they exist. This security issue has been addressed in version 1.5.0, emphasizing the importance of keeping systems updated to mitigate potential risks.

Affected Version(s)

Raytha 0 < 1.5.0

References

https://cert.pl/en/posts/2026/03/CVE-2025-69236

third-party-advisory

https://raytha.com

product

CVSS V4

Score:

6.9

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 16, 2026
Vulnerability Reserved
Dec 30, 2025

Credit

Daniel Basta

CVE-2025-69243 Data

JSON