CVE-2025-15540 · HIGH 8.8 · EPSS p37.4%

Description

The "Functions" module in Raytha CMS allows privileged users to write custom code to add functionality to the application. Due to a lack of sandboxing or access restrictions, JavaScript code executed through Raytha’s “functions” feature can instantiate .NET components and perform arbitrary operations within the application’s hosting environment. This issue was fixed in version 1.4.6.

Scoring

CVSS 3.1: 8.8 (HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.48% probability of exploitation · percentile 37.4% · 2026-06-18T12:00:27Z
Published: 2026-03-16
Last modified: 2026-03-17

Underlying weaknesses · 1

CWE-94

References

  1. https://cert.pl/en/posts/2026/03/CVE-2025-69236
  2. https://raytha.com

Type: Weakness
Target: Improper Control of Generation of Code ('Code Injection') (cwe-94)
Confidence: 0%
Tier: live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  - CVE-2025-69246
  - CVE-2025-69240
  - CVE-2025-54757
  - CVE-2025-55346
  - CVE-2025-69600
  - CVE-2025-54815

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.