VYPR
Unrated severityNVD Advisory· Published Mar 16, 2026· Updated Mar 16, 2026

Authenticated RCE in Raytha CMS

CVE-2025-15540

Description

"Functions" module in Raytha CMS allows privileged users to write custom code to add functionality to application. Due to a lack of sandboxing or access restrictions, JavaScript code executed through Raytha’s “functions” feature can instantiate .NET components and perform arbitrary operations within the application’s hosting environment.

This issue was fixed in version 1.4.6.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Raytha/Raythallm-fuzzy2 versions
    <1.4.6+ 1 more
    • (no CPE)range: <1.4.6
    • (no CPE)range: 0

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.