CVE-2025-69238

Source
https://cve.org/CVERecord?id=CVE-2025-69238
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-69238.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-69238
Published
2026-03-16T11:53:11.083Z
Modified
2026-07-08T07:01:35.048952567Z
Severity
  • 6.9 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N CVSS Calculator
Summary
Cross-Site Request Forgery in Raytha CMS
Details

Raytha CMS is vulnerable to Cross-Site Request Forgery across multiple endpoints. Attacker can craft special website, which when visited by the authenticated victim, will automatically send POST request to the endpoint (e. x. deletion of the data) without enforcing token verification. 

This issue was fixed in version 1.4.6.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/69xxx/CVE-2025-69238.json",
    "cwe_ids": [
        "CWE-352"
    ],
    "cna_assigner": "CERT-PL"
}
References

Affected packages

Git / github.com/raythahq/raytha

Affected ranges

Type
GIT
Repo
https://github.com/raythahq/raytha
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "cpe": "cpe:2.3:a:raytha:raytha:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "1.4.6"
        }
    ],
    "source": [
        "AFFECTED_FIELD",
        "CPE_RANGE"
    ]
}

Affected versions

v0.*
v0.9.0
v0.9.1
v0.9.2
v0.9.3
v0.9.4
v1.*
v1.0.0
v1.0.1
v1.0.2
v1.0.3
v1.0.4
v1.0.5
v1.0.6
v1.1.0
v1.1.1
v1.1.2
v1.1.3
v1.1.4
v1.1.5
v1.2.0
v1.3.0
v1.3.1
v1.3.2
v1.3.3
v1.4.1
v1.4.2
v1.4.3
v1.4.4
v1.4.5

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-69238.json"