CVE-2025-15540

UNKNOWN 0.0

Authenticated RCE in Raytha CMS

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

"Functions" module in Raytha CMS allows privileged users to write custom code to add functionality to application. Due to a lack of sandboxing or access restrictions, JavaScript code executed through Raytha’s “functions” feature can instantiate .NET components and perform arbitrary operations within the application’s hosting environment. This issue was fixed in version 1.4.6.

CWE	CWE-94
Vendor	raytha
Product	raytha
Published	Mar 16, 2026
Last Updated	Mar 16, 2026

Stay Ahead of the Next One

Get instant alerts for raytha raytha

Be the first to know when new unknown vulnerabilities affecting raytha raytha are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Raytha / Raytha

0 < 1.4.6

References

NVD ↗ CVE.org ↗ EPSS Data ↗

cert.pl: https://cert.pl/en/posts/2026/03/CVE-2025-69236 raytha.com: https://raytha.com

Credits

Daniel Basta