CVE-2025-69243 MEDIUM

CVE-2025-69243: User enumeration in Raytha CMS

Vendor Raytha
Product Raytha
Weakness CWE-204
Published March 16, 2026
Last update March 16, 2026

CVSS base score

6.9/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

Raytha CMS is vulnerable to User Enumeration in password reset functionality. Difference in messages could allow an attacker to determine if the login is valid or not, enabling a brute force attack with valid logins. This issue was fixed in version 1.5.0.

Key dates

02Disclosure timeline

March 16, 2026 CVE published
March 16, 2026 Record updated