Unrated severityNVD Advisory· Published Mar 16, 2026· Updated Mar 16, 2026
Authenticated RCE in Raytha CMS
CVE-2025-15540
Description
"Functions" module in Raytha CMS allows privileged users to write custom code to add functionality to application. Due to a lack of sandboxing or access restrictions, JavaScript code executed through Raytha’s “functions” feature can instantiate .NET components and perform arbitrary operations within the application’s hosting environment.
This issue was fixed in version 1.4.6.
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2- cert.pl/en/posts/2026/03/CVE-2025-69236mitrethird-party-advisory
- raytha.commitreproduct
News mentions
0No linked articles in our index yet.