Reflected XSS Vulnerability in Raytha CMS Logon Functionality
CVE-2025-69245

5.1MEDIUM

Key Information:

Vendor: Raytha
Status: Raytha
Vendor: CVE Published:; 16 March 2026

What is CVE-2025-69245?

Raytha CMS is susceptible to a reflected cross-site scripting vulnerability through the returnUrl parameter in its logon process. This flaw allows attackers to create a malicious URL that, when accessed by a logged-in user, executes arbitrary JavaScript code in the victim's web browser. Such an exploit can lead to unauthorized actions or manipulation of user sessions. The issue has been addressed in version 1.4.6 of the CMS.

Affected Version(s)

Raytha 0 < 1.4.6

References

https://cert.pl/en/posts/2026/03/CVE-2025-69236

third-party-advisory

https://raytha.com

product

CVSS V4

Score:

5.1

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 16, 2026
Vulnerability Reserved
Dec 30, 2025

Credit

Patryk Kieszek

Daniel Basta

CVE-2025-69245 Data

JSON