CVE-2025-69240
Awaiting Analysis Awaiting Analysis - Queue
Host Header Injection in Raytha CMS Enables Account Takeover

Publication date: 2026-03-16

Last updated on: 2026-03-16

Assigner: CERT.PL

Description
Raytha CMS allows an attacker to spoof `X-Forwarded-Host` or `Host` headers to attacker controlled domain. The attacker (who knows the victim's email address) can force the server to send an email with password reset link pointing to the domain from spoofed header. When victim clicks the link, browser sends request to the attacker’s domain with the token in the path allowing the attacker to capture the token. This allows the attacker to reset victim's password and take over the victim's account. This issue was fixed in version 1.4.6.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-16
Last Modified
2026-03-16
Generated
2026-05-07
AI Q&A
2026-03-16
EPSS Evaluated
2026-05-05
NVD
CVE-2025-69240
EUVD
EUVD-2025-208707
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
raytha raytha to 1.4.6 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-348 The product has two different sources of the same data or information, but it uses the source that has less support for verification, is less trusted, or is less resistant to attack.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability in Raytha CMS allows an attacker to spoof the X-Forwarded-Host or Host headers to an attacker-controlled domain.

If the attacker knows the victim's email address, they can force the server to send a password reset email containing a link that points to the spoofed domain.

When the victim clicks this link, their browser sends a request to the attacker's domain including a token in the URL path.

The attacker can then capture this token and use it to reset the victim's password, effectively taking over the victim's account.


How can this vulnerability impact me? :

This vulnerability can lead to account takeover by an attacker.

If an attacker obtains a victim's email address, they can trick the system into sending a password reset link that leads to the attacker's domain.

By capturing the reset token, the attacker can reset the victim's password and gain unauthorized access to their account.

This compromises the victim's account security and can lead to further unauthorized actions within the system.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:

I don't know


How can this vulnerability be detected on my network or system? Can you suggest some commands?

I don't know


What immediate steps should I take to mitigate this vulnerability?

The vulnerability in Raytha CMS can be mitigated by upgrading the software to version 1.4.6 or later, where the issue has been fixed.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart