Security Advisory

CVE-2025-15540

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-03-16 11:52:33

Last updated 2026-03-16 14:20:16

Assigner CERT-PL

State PUBLISHED

Description

"Functions" module in Raytha CMS allows privileged users to write custom code to add functionality to application. Due to a lack of sandboxing or access restrictions, JavaScript code executed through Raytha’s “functions” feature can instantiate .NET components and perform arbitrary operations within the application’s hosting environment. This issue was fixed in version 1.4.6.

← Browse all CVEs View on cve.org ↗