CVE-2025-15540 describes a Remote Code Execution (RCE) vulnerability within the "Functions" module of Raytha CMS. This flaw allows privileged users to inject and execute custom code, bypassing security restrictions. The vulnerability impacts versions 0.0 through 1.4.6 of Raytha CMS, and a fix is available in version 1.4.6.
The impact of CVE-2025-15540 is severe. An attacker exploiting this vulnerability can execute arbitrary .NET code within the Raytha CMS application's hosting environment. This grants them complete control over the server, enabling data theft, modification, or deletion. They could also establish a persistent foothold, enabling lateral movement to other systems on the network. The ability to instantiate .NET components directly elevates the risk significantly, as it bypasses typical application-level security controls. The blast radius extends to any sensitive data processed or stored by the Raytha CMS application and potentially to other systems accessible from the compromised server.
As of the publication date (2026-03-16), there is no indication of active exploitation of CVE-2025-15540. The vulnerability is not currently listed on the CISA KEV catalog. Public proof-of-concept (POC) code is not yet available, but the vulnerability's nature suggests it could be relatively easy to exploit once a POC is released. The ability to execute .NET code directly increases the likelihood of exploitation.
Organizations using Raytha CMS with privileged user accounts are at risk. This includes websites and applications that rely on Raytha CMS for content management or custom functionality. Shared hosting environments where multiple users share the same server are particularly vulnerable, as a compromised account could potentially impact other websites on the same server.
• windows / dotnet: Use PowerShell to check for suspicious .NET assemblies or code execution patterns within the Raytha CMS installation directory.
Get-ChildItem -Path "C:\Path\To\Raytha\CMS\Functions" -Filter *.dll -Recurse | Select-Object -ExpandProperty FullName
• linux / server: Monitor system logs for unusual .NET process executions or errors related to the Raytha CMS application. Use lsof to identify processes accessing Raytha CMS files.
lsof | grep raytha
• generic web: Monitor web server access logs for requests targeting the "functions" feature with unusual parameters. Check for unexpected .NET components being instantiated.
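One way to carry out the access-log check described above, as an added example that is not part of the original advisory or of Raytha CMS. The "/functions" route segment, the admin network range and the sample log lines are assumptions made for illustration; set them to match your deployment.

```python
import ipaddress
import re
from collections import Counter

# Assumption: the admin route of the "functions" feature contains this segment;
# adjust it to the route your deployment actually uses.
FUNCTIONS_PATH = re.compile(r"/functions(/|\?|$)", re.IGNORECASE)
# Assumption: networks that privileged users are expected to work from.
ADMIN_NETS = [ipaddress.ip_network("10.20.0.0/24")]
WRITE_METHODS = {"POST", "PUT", "PATCH", "DELETE"}
# Common/combined log format: ip ident user [time] "METHOD path proto" status size
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([A-Z]+) (\S+) [^"]*" (\d{3}) ')

def is_outside(ip):
    """True when the client is not in an admin network (or is not an IP)."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return True
    return not any(addr in net for net in ADMIN_NETS)

def triage(lines):
    """Return (writes per client, findings) for requests to the functions area."""
    writes, findings = Counter(), []
    for raw in lines:
        m = LINE.match(raw)
        if not m:
            continue  # not in the expected log format
        ip, when, method, path, status = m.groups()
        if not FUNCTIONS_PATH.search(path):
            continue
        outside, write = is_outside(ip), method in WRITE_METHODS
        if write:
            writes[ip] += 1
        # Review every request from outside the admin networks and every
        # write the server accepted (2xx/3xx).
        if outside or (write and status[0] in "23"):
            findings.append((when, ip, method, path, status, outside))
    return writes, findings

# Constructed sample log lines (not real traffic; the paths are assumed).
SAMPLE = [
    '10.20.0.5 - - [16/Mar/2026:09:12:01 +0000] "GET /raytha/functions HTTP/1.1" 200 5120',
    '10.20.0.5 - - [16/Mar/2026:09:13:44 +0000] "POST /raytha/functions/edit/abc HTTP/1.1" 302 0',
    '203.0.113.7 - - [16/Mar/2026:23:58:10 +0000] "POST /raytha/functions/create HTTP/1.1" 200 812',
    '203.0.113.7 - - [16/Mar/2026:23:59:02 +0000] "GET /blog/functions-in-csharp HTTP/1.1" 200 9000',
]

if __name__ == "__main__":
    for finding in triage(SAMPLE)[1]:
        print(finding)
```

Each finding ends with a flag that is True when the client was outside the admin networks; compare accepted writes against your change records for the "functions" feature.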
Exploit status
EPSS: 0.05% (15th percentile)
The primary mitigation for CVE-2025-15540 is to immediately upgrade Raytha CMS to version 1.4.6 or later. If upgrading is not immediately feasible, consider implementing temporary workarounds. Restrict access to the "functions" feature to only authorized personnel. Implement strict input validation and sanitization on any user-supplied code passed to the "functions" module. While a WAF might offer some protection, it's unlikely to be sufficient against this type of vulnerability. Thoroughly review any custom code added through the "functions" feature to ensure it does not contain malicious intent. After upgrading, confirm the fix by attempting to execute arbitrary code through the "functions" feature – it should be rejected.
Update Raytha CMS to version 1.4.6 or later. This version fixes the vulnerability that allows remote code execution via the 'Functions' module.
CVE-2025-15540 is a Remote Code Execution vulnerability in the Functions module of Raytha CMS, allowing privileged users to execute arbitrary .NET code.
You are affected if you are using Raytha CMS versions 0.0 through 1.4.6 and have privileged users with access to the Functions module.
Upgrade Raytha CMS to version 1.4.6 or later. If immediate upgrade is not possible, restrict access to the Functions module and implement strict input validation.
As of the publication date, there is no confirmed active exploitation of CVE-2025-15540, but the vulnerability's nature suggests it could be exploited.
Refer to the official Raytha CMS security advisory for details and further information regarding CVE-2025-15540.