{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-15540","assignerOrgId":"4bb8329e-dd38-46c1-aafb-9bf32bcb93c6","state":"PUBLISHED","assignerShortName":"CERT-PL","dateReserved":"2026-01-19T12:32:08.960Z","datePublished":"2026-03-16T11:52:33.319Z","dateUpdated":"2026-03-16T14:20:16.168Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","modules":["Functions"],"product":"Raytha","repo":"https://github.com/raythahq/raytha","vendor":"Raytha","versions":[{"lessThan":"1.4.6","status":"affected","version":"0","versionType":"semver"}]}],"credits":[{"lang":"en","type":"finder","value":"Daniel Basta"}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"\"Functions\" module in Raytha CMS allows privileged users to&nbsp;<span style=\"background-color: rgb(255, 255, 255);\">write custom code to add functionality to application. Due to a lack of sandboxing or access restrictions,&nbsp;JavaScript code executed through Raytha’s “functions” feature can instantiate .NET components and perform arbitrary operations&nbsp;within the application’s hosting environment.</span><br><br>This issue was fixed in version 1.4.6."}],"value":"\"Functions\" module in Raytha CMS allows privileged users to write custom code to add functionality to application. Due to a lack of sandboxing or access restrictions, JavaScript code executed through Raytha’s “functions” feature can instantiate .NET components and perform arbitrary operations within the application’s hosting environment.\n\nThis issue was fixed in version 1.4.6."}],"impacts":[{"capecId":"CAPEC-242","descriptions":[{"lang":"en","value":"CAPEC-242 Code Injection"}]}],"metrics":[{"cvssV4_0":{"Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","Safety":"NOT_DEFINED","attackComplexity":"LOW","attackRequirements":"NONE","attackVector":"NETWORK","baseScore":8.6,"baseSeverity":"HIGH","privilegesRequired":"HIGH","providerUrgency":"NOT_DEFINED","subAvailabilityImpact":"LOW","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","userInteraction":"NONE","valueDensity":"NOT_DEFINED","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L","version":"4.0","vulnAvailabilityImpact":"HIGH","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnerabilityResponseEffort":"NOT_DEFINED"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-94","description":"CWE-94 Improper Control of Generation of Code ('Code Injection')","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"4bb8329e-dd38-46c1-aafb-9bf32bcb93c6","shortName":"CERT-PL","dateUpdated":"2026-03-16T11:52:33.319Z"},"references":[{"tags":["third-party-advisory"],"url":"https://cert.pl/en/posts/2026/03/CVE-2025-69236"},{"tags":["product"],"url":"https://raytha.com"}],"source":{"discovery":"EXTERNAL"},"tags":["x_open-source"],"title":"Authenticated RCE in Raytha CMS","x_generator":{"engine":"Vulnogram 0.2.0"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"id":"CVE-2025-15540","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"version":"2.0.3","timestamp":"2026-03-16T14:07:32.977179Z"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-03-16T14:20:16.168Z"}}]}}