CVE-2025-69238 describes a Cross-Site Request Forgery (CSRF) vulnerability affecting Raytha CMS. This vulnerability allows an attacker to trick authenticated users into unknowingly performing actions on the CMS, potentially leading to unauthorized data modification or deletion. The vulnerability impacts versions 0.0 through 1.4.6, and a fix is available in version 1.4.6.
The primary impact of this CSRF vulnerability is the potential for unauthorized actions to be performed on a Raytha CMS instance. An attacker could craft a malicious website that, when visited by an authenticated user, automatically sends a POST request to a vulnerable endpoint. This could result in the deletion of data, modification of user permissions, or other actions that compromise the integrity and confidentiality of the CMS and its associated data. The blast radius extends to any authenticated user of the CMS, making it a significant risk for organizations relying on Raytha CMS.
CVE-2025-69238 was publicly disclosed on 2026-03-16. No public proof-of-concept (PoC) code has been identified at the time of writing. The vulnerability is not currently listed on the CISA KEV catalog. Exploitation probability is considered low due to the lack of public PoCs, but the ease of CSRF exploitation means it remains a potential threat.
Exploit Status: EPSS 0.02% (3rd percentile).
The recommended mitigation for CVE-2025-69238 is to immediately upgrade Raytha CMS to version 1.4.6 or later. If upgrading is not immediately feasible, consider implementing temporary workarounds such as adding CSRF tokens to all sensitive endpoints. Web Application Firewalls (WAFs) configured to detect and block CSRF attacks can also provide a layer of protection. Regularly review CMS configurations to ensure proper access controls and security settings are in place.
Update Raytha CMS to version 1.4.6 or higher. This version fixes the Cross-Site Request Forgery (CSRF) vulnerability by implementing token verification on the affected endpoints. The update will prevent attackers from executing unauthorized actions on behalf of authenticated users.
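The token verification the fix relies on, written out as an added example (not Raytha's own code): a synchronizer token is bound to the user's session with an HMAC, and a state-changing endpoint refuses any request whose form body lacks a token valid for that session. The secret, session id and request shape are constructed for the example.

```python
import hashlib
import hmac
import secrets
from typing import Dict, Optional, Tuple

# Constructed server secret; a deployment would load this from a secret store.
SERVER_SECRET = secrets.token_bytes(32)


def issue_csrf_token(session_id: str) -> str:
    """Token = nonce.HMAC(secret, session_id:nonce); embed it in the HTML form."""
    nonce = secrets.token_hex(16)
    mac = hmac.new(SERVER_SECRET, f"{session_id}:{nonce}".encode(), hashlib.sha256).hexdigest()
    return f"{nonce}.{mac}"


def verify_csrf_token(session_id: str, token: Optional[str]) -> bool:
    """Reject a missing/malformed token, a token minted without the secret,
    or a token issued for a different session. Constant-time compare."""
    if not token or token.count(".") != 1:
        return False
    nonce, presented_mac = token.split(".")
    expected = hmac.new(SERVER_SECRET, f"{session_id}:{nonce}".encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, presented_mac)


def handle_delete_post(request: Dict) -> Tuple[int, str]:
    """Constructed request: {'method', 'cookies': {'session': ...}, 'form': {...}}.
    A third-party page can make the browser send the session cookie, but it cannot
    read the token out of the CMS page, so the check below fails for a forged POST."""
    if request.get("method") != "POST":
        return 405, "method not allowed"
    session_id = request.get("cookies", {}).get("session")
    if not session_id:
        return 401, "not authenticated"
    if not verify_csrf_token(session_id, request.get("form", {}).get("csrf_token")):
        return 403, "csrf token missing or invalid"
    return 200, f"deleted post {request['form'].get('post_id')}"


if __name__ == "__main__":
    sid = "session-constructed"
    token = issue_csrf_token(sid)
    # Legitimate form submission carries the token; a cross-site POST does not.
    print(handle_delete_post({"method": "POST", "cookies": {"session": sid},
                              "form": {"post_id": "7", "csrf_token": token}}))
    print(handle_delete_post({"method": "POST", "cookies": {"session": sid},
                              "form": {"post_id": "7"}}))
```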
CVE-2025-69238 is a Cross-Site Request Forgery (CSRF) vulnerability in Raytha CMS versions 0.0 - 1.4.6, allowing attackers to perform actions as authenticated users.
Yes, if you are using Raytha CMS versions 0.0 through 1.4.6, you are potentially affected by this vulnerability.
Upgrade Raytha CMS to version 1.4.6 or later to resolve the vulnerability. Consider CSRF token implementation as a temporary workaround.
There are currently no confirmed reports of active exploitation, but the ease of CSRF exploitation means it remains a potential threat.
Please refer to the Raytha CMS official website or security advisories for the latest information and updates regarding CVE-2025-69238.