CVE-2025-69240

UNKNOWN 0.0

Header Poisoning in Raytha CMS

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

Raytha CMS allows an attacker to spoof `X-Forwarded-Host` or `Host` headers to attacker controlled domain. The attacker (who knows the victim's email address) can force the server to send an email with password reset link pointing to the domain from spoofed header. When victim clicks the link, browser sends request to the attacker’s domain with the token in the path allowing the attacker to capture the token. This allows the attacker to reset victim's password and take over the victim's account. This issue was fixed in version 1.4.6.

CWE	CWE-348
Vendor	raytha
Product	raytha
Published	Mar 16, 2026
Last Updated	Mar 16, 2026

Stay Ahead of the Next One

Get instant alerts for raytha raytha

Be the first to know when new unknown vulnerabilities affecting raytha raytha are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Raytha / Raytha

0 < 1.4.6

References

NVD ↗ CVE.org ↗ EPSS Data ↗

cert.pl: https://cert.pl/en/posts/2026/03/CVE-2025-69236 raytha.com: https://raytha.com

Credits

Daniel Basta