TopVuln

High-risk vulnerability digests

  • HIGH

CVE-2025-15540 Authenticated RCE in Raytha CMS

Details

CVSS v3: 8.6

Affected versions: Raytha CMS versions < 1.4.6

Summary: The Functions module in Raytha CMS allows privileged users to add custom code, but lacks adequate sandboxing and access restrictions. Vulnerable versions allow attackers to execute arbitrary .NET code within the application's hosting environment. This flaw has been patched in the 1.4.6 release of Raytha CMS.

Remediation: Upgrade Raytha CMS to version 1.4.6 or newer immediately. Restrict access to the Functions feature to only fully trusted administrative users until the update is completed. Audit existing custom functions for any unauthorized or malicious modifications.

Exploit info: No public exploit found yet.
