← Voltar para CVEs
CVE-2025-69246
CRITICAL9.8
Descricao
Raytha CMS does not have any brute force protection mechanism implemented. It allows an attacker to send multiple automated logon requests without triggering lockout, throttling, or step-up challenges. This issue was fixed in version 1.4.6.
Detalhes CVE
Pontuacao CVSS v3.19.8
SeveridadeCRITICAL
Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vetor de ataqueNETWORK
ComplexidadeLOW
Privilegios necessariosNONE
Interacao do usuarioNONE
Publicado3/16/2026
Ultima modificacao3/16/2026
Fontenvd
Avistamentos honeypot0
Produtos afetados
raytha:raytha
Fraquezas (CWE)
CWE-307
Referencias
https://cert.pl/en/posts/2026/03/CVE-2025-69236(cvd@cert.pl)
https://raytha.com(cvd@cert.pl)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.