Vulnerability in Raytha

CVE-2025-69246

Raytha CMS does not have any brute force protection mechanism implemented. It allows an attacker to send multiple automated logon requests without triggering lockout, throttling, or step-up challenges. This issue was fixed in version 1.4…

EPSS: 0.001 (19.5th percentile) — read the EPSS interpretation.

Affected products

Raytha — versions 0

Weakness classification (CWE)

CWE-307 — Improper Restriction of Excessive Authentication Attempts

References

cert.pl/en/posts/2026/03/CVE-2025-69236 (third-party-advisory)
raytha.com (product)