CVE-2025-69240
Awaiting Analysis Awaiting Analysis - Queue

Host Header Injection in Raytha CMS Enables Account Takeover

Vulnerability report for CVE-2025-69240, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-03-16

Last updated on: 2026-03-16

Assigner: CERT.PL

Description

Raytha CMS allows an attacker to spoof `X-Forwarded-Host` or `Host` headers to attacker controlled domain. The attacker (who knows the victim's email address) can force the server to send an email with password reset link pointing to the domain from spoofed header. When victim clicks the link, browser sends request to the attacker’s domain with the token in the path allowing the attacker to capture the token. This allows the attacker to reset victim's password and take over the victim's account. This issue was fixed in version 1.4.6.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-03-16
Last Modified
2026-03-16
Generated
2026-07-06
AI Q&A
2026-03-16
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
raytha raytha to 1.4.6 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-348 The product has two different sources of the same data or information, but it uses the source that has less support for verification, is less trusted, or is less resistant to attack.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability in Raytha CMS allows an attacker to spoof the X-Forwarded-Host or Host headers to an attacker-controlled domain.

If the attacker knows the victim's email address, they can force the server to send a password reset email containing a link that points to the spoofed domain.

When the victim clicks this link, their browser sends a request to the attacker's domain including a token in the URL path.

The attacker can then capture this token and use it to reset the victim's password, effectively taking over the victim's account.

Impact Analysis

This vulnerability can lead to account takeover by an attacker.

If an attacker obtains a victim's email address, they can trick the system into sending a password reset link that leads to the attacker's domain.

By capturing the reset token, the attacker can reset the victim's password and gain unauthorized access to their account.

This compromises the victim's account security and can lead to further unauthorized actions within the system.

Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

The vulnerability in Raytha CMS can be mitigated by upgrading the software to version 1.4.6 or later, where the issue has been fixed.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-69240. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart