Raytha CMS does not have any brute force protection mechanism implemented. It allows an attacker to send multiple automated logon requests without triggering lockout, throttling, or step-up challenges. This issue was fixed in version 1.4.6.CreditsDaniel BastaReferenceshttps://cert.pl/en/posts/2026/03/CVE-2025-69236https://raytha.com
