Vulnerability in Raytha
CVE-2025-69240
Raytha CMS allows an attacker to spoof `X-Forwarded-Host` or `Host` headers to attacker controlled domain. The attacker (who knows the victim's email address) can force the server to send an email with password reset link pointing to the d…
EPSS: 0.000 (7.0th percentile) — read the EPSS interpretation.
Affected products
- Raytha — versions 0
Weakness classification (CWE)
References
- cert.pl/en/posts/2026/03/CVE-2025-69236 (third-party-advisory)
- raytha.com (product)