CVE-2025-69243

Summary

Raytha CMS is vulnerable to User Enumeration in password reset functionality. Difference in messages could allow an attacker to determine if the login is valid or not, enabling a brute force attack with valid logins.

This issue was fixed in version 1.5.0.

Affected Software

VendorProductVersion RangeStatus
RaythaRaytha0 < 1.5.0affected

Weaknesses

  • CWE-204: CWE-204 Observable Response Discrepancy

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References