CVE-2025-69239: Raytha CMS is vulnerable to Server-Side Request Forgery in the “Themes - Import from URL” feature. It allows an attacker
infovulnerability
security
Summary
Raytha CMS has a vulnerability called SSRF (server-side request forgery, where an attacker tricks the server into making HTTP requests to unintended locations) in its "Themes - Import from URL" feature that allows high-privilege attackers to redirect the server's own HTTP requests. This vulnerability has a CVSS score (a 0-10 rating of how severe a vulnerability is) of 5.1, classified as medium severity.
Solution / Mitigation
This issue was fixed in version 1.4.6.
Vulnerability Details
EPSS (30-day exploit probability)
EPSS: 0.0%
Disclosure Date
March 16, 2026
Classification
Attack SophisticationModerate
Original source: https://nvd.nist.gov/vuln/detail/CVE-2025-69239
First tracked: March 16, 2026 at 12:07 PM
Classified by LLM (prompt v3) · confidence: 95%