CVE-2025-69246
Brute Force Vulnerability in Raytha CMS Allows Unlimited Login Attempts
Publication date: 2026-03-16
Last updated on: 2026-03-16
Assigner: CERT.PL
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| raytha | raytha | to 1.4.6 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-307 | The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
The vulnerability in Raytha CMS is due to the absence of any brute force protection mechanism. This means that an attacker can send multiple automated login attempts without triggering any security measures such as account lockout, request throttling, or additional verification steps.
How can this vulnerability impact me? :
Because there is no protection against repeated login attempts, an attacker could potentially guess or crack user credentials by trying many passwords automatically. This could lead to unauthorized access to user accounts or administrative functions within Raytha CMS.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, you should upgrade Raytha CMS to version 1.4.6 or later, where the issue has been fixed.