CVE-2025-69246CRITICAL 9.8EPSS p29.7%

CVE-2025-69246CVE-2025-69246

Description

Raytha CMS does not have any brute force protection mechanism implemented. It allows an attacker to send multiple automated logon requests without triggering lockout, throttling, or step-up challenges. This issue was fixed in version 1.4.6.

Scoring

CVSS 3.19.8 (CRITICAL)
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS0.38% probability of exploitation · percentile 29.7% · 2026-06-19T12:03:05Z
Published2026-03-16
Last modified2026-03-16

Underlying weaknesses· 1

CWE-307

References

  1. https://cert.pl/en/posts/2026/03/CVE-2025-69236
  2. https://raytha.com

1

TypeTargetConfidenceTier
WeaknessImproper Restriction of Excessive Authentication Attemptscwe-3070%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2025-69240
CVE
CVE-2025-15540
CVE
CVE-2025-58587
CVE
CVE-2025-46739
CVE
CVE-2025-7393
CVE
CVE-2025-50850
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.