CVE-2025-15540

"Functions" module in Raytha CMS allows privileged users to write custom code to add functionality to application. Due to a lack of sandboxing or access restrictions, JavaScript code executed through Raytha’s “functions” feature can instantiate .NET components and perform arbitrary operations within the application’s hosting environment. This issue was fixed in version 1.4.6.

CVSS v3 8.8 HIGH

8.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://cert.pl/en/posts/2026/03/CVE-2025-69236	Third Party Advisory
https://raytha.com	Product

Configurations

Configuration 1 (hide)

cpe:2.3:a:raytha:raytha:*:*:*:*:*:*:*:*

History

17 Mar 2026, 14:24

Type	Values Removed	Values Added
CPE		cpe:2.3:a:raytha:raytha::::::::
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 8.8
First Time		Raytha raytha Raytha
References	~~() https://cert.pl/en/posts/2026/03/CVE-2025-69236 -~~	() https://cert.pl/en/posts/2026/03/CVE-2025-69236 - Third Party Advisory
References	~~() https://raytha.com -~~	() https://raytha.com - Product

16 Mar 2026, 14:17

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-03-16 14:17

Updated : 2026-03-17 14:24

NVD link : CVE-2025-15540

Mitre link : CVE-2025-15540

CVE.ORG link : CVE-2025-15540

JSON object : View

Products Affected

raytha

raytha

CWE

CWE-94

Improper Control of Generation of Code ('Code Injection')

{"id": "CVE-2025-15540", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}], "cvssMetricV40": [{"type": "Secondary", "source": "cvd@cert.pl", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.6, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "HIGH", "subIntegrityImpact": "LOW", "vulnIntegrityImpact": "HIGH", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "LOW", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "LOW", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2026-03-16T14:17:55.953", "references": [{"url": "https://cert.pl/en/posts/2026/03/CVE-2025-69236", "tags": ["Third Party Advisory"], "source": "cvd@cert.pl"}, {"url": "https://raytha.com", "tags": ["Product"], "source": "cvd@cert.pl"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "cvd@cert.pl", "description": [{"lang": "en", "value": "CWE-94"}]}], "descriptions": [{"lang": "en", "value": "\"Functions\" module in Raytha CMS allows privileged users to\u00a0write custom code to add functionality to application. Due to a lack of sandboxing or access restrictions,\u00a0JavaScript code executed through Raytha\u2019s \u201cfunctions\u201d feature can instantiate .NET components and perform arbitrary operations\u00a0within the application\u2019s hosting environment.\n\nThis issue was fixed in version 1.4.6."}], "lastModified": "2026-03-17T14:24:04.947", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:raytha:raytha:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4A4FC7D6-F33F-4121-A375-B063263585FD", "versionEndExcluding": "1.4.6"}], "operator": "OR"}]}], "sourceIdentifier": "cvd@cert.pl"}