HIGH🇵🇱 Wersja polska

CVE-2025-69240

CVSS 7.5v4.0pub. 2026-03-16

Raytha CMS allows an attacker to spoof `X-Forwarded-Host` or `Host` headers to attacker controlled domain. The attacker (who knows the victim's email address) can force the server to send an email with password reset link pointing to the domain from spoofed header. When victim clicks the link, browser sends request to the attacker’s domain with the token in the path allowing the attacker to capture the token. This allows the attacker to reset victim's password and take over the victim's account. This issue was fixed in version 1.4.6.

CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Raytha

    APP
    Raytha
    < 1.4.6
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2025-15540HIGH8.6ten sam produkt

"Functions" module in Raytha CMS allows privileged users to write custom code to add functionality to applicat...

CVE-2025-69236MEDIUM5.1ten sam produkt

Raytha CMS is vulnerable to Stored XSS via FieldValues[1].Value parameter in post editing functionality. Authe...

CVE-2025-69237MEDIUM5.1ten sam produkt

Raytha CMS is vulnerable to Stored XSS via FieldValues[0].Value parameter in page creation functionality. Auth...

CVE-2025-69238MEDIUM6.9ten sam produkt

Raytha CMS is vulnerable to Cross-Site Request Forgery across multiple endpoints. Attacker can craft special w...

CVE-2025-69239MEDIUM5.1ten sam produkt

Raytha CMS is vulnerable to Server-Side Request Forgery in the “Themes - Import from URL” feature. It allows a...