Unrated severityNVD Advisory· Published Mar 16, 2026· Updated Mar 16, 2026
Authenticated RCE in Raytha CMS
CVE-2025-15540
Description
"Functions" module in Raytha CMS allows privileged users to write custom code to add functionality to application. Due to a lack of sandboxing or access restrictions, JavaScript code executed through Raytha’s “functions” feature can instantiate .NET components and perform arbitrary operations within the application’s hosting environment.
This issue was fixed in version 1.4.6.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2Patches
Vulnerability mechanics
References
2- cert.pl/en/posts/2026/03/CVE-2025-69236mitrethird-party-advisory
- raytha.commitreproduct
News mentions
0No linked articles in our index yet.