CVE-2025-41000
BaseFortify
Publication date: 2025-09-03
Last updated on: 2025-09-04
Assigner: Spanish National Cybersecurity Institute, S.A. (INCIBE)
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| uxb_london | boomcms | 9.1.4 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-1021 | The web application does not restrict or incorrectly restricts frame objects or UI layers that belong to another application or domain, which can lead to user confusion about which interface the user is interacting with. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-41000 is a Cross-Frame Scripting (XFS) vulnerability in BoomCMS version 9.1.4, classified under CWE-1021 (Improper Restriction of Rendered UI Layers or Frames). The weakness is that the application does not restrict being loaded inside a frame that belongs to another origin. An attacker who lures a user to a page that embeds BoomCMS can disguise or overlay the framed interface so the user acts on it without realising (clickjacking); in older browsers with cross-frame bugs, the embedding page could also observe the user's interactions via JavaScript, which is where the XFS name comes from. Exploitation therefore depends on social engineering and user interaction, and the entry is considered low severity. [1]
How can this vulnerability impact me?
If a user who is logged in to BoomCMS (an editor or administrator, for example) visits an attacker-controlled page that frames the CMS, the attacker can trick them into clicking or typing in the framed interface, and on older browsers may read those interactions with JavaScript, compromising the user's privacy and potentially their session actions. Because the attack requires the victim to visit a malicious page and interact with it, and modern browsers no longer expose the cross-frame data leaks the classic XFS technique relied on, it is a minor threat to the application itself; the exposure grows with the privileges of the user who is tricked. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This is not something to look for in network traffic; it is a property of the HTTP responses BoomCMS sends. Request a page that matters (the login and administration pages, after following any redirects) and inspect the response headers: the page is protected if it carries either a Content-Security-Policy header with a frame-ancestors directive that does not allow arbitrary origins, or an X-Frame-Options header set to DENY or SAMEORIGIN. If neither is present, the page can be framed by any site. Check the routes that an authenticated user actually uses, since headers can differ per route. The resources cited for this entry provide no specific detection commands or tools. [1]
What immediate steps should I take to mitigate this vulnerability?
Updating browsers alone does not close the gap, because the missing framing restriction is on the server side. The cited resource reports no patch or direct fix for BoomCMS v9.1.4 at the time of writing, so add the restriction as a compensating control at the web server or reverse proxy in front of BoomCMS: send Content-Security-Policy: frame-ancestors 'none' (or 'self' if the site legitimately frames its own pages) and, for browsers without CSP frame-ancestors support, X-Frame-Options: DENY (or SAMEORIGIN). Keep users on current browsers, which no longer have the cross-frame JavaScript leaks that XFS originally exploited, and warn privileged users about following links from untrusted sources. [1]
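A worked check for the detection step and the header fix for the mitigation step above, added here as an example; it is not BoomCMS code and does not come from the cited resource. It classifies a response's headers the way current browsers treat them (a CSP frame-ancestors directive overrides X-Frame-Options; X-Frame-Options is honoured only for DENY and SAMEORIGIN, the obsolete ALLOW-FROM being ignored) and produces the hardened header set a reverse proxy or middleware should emit. The sample responses and the hostname in the usage comment are constructed, and the rule that conflicting X-Frame-Options values are reported as unprotected is a conservative reporting choice, not a statement about any particular browser.

```python
"""Framing-protection check and fix for CWE-1021 (added example, not BoomCMS code).

Assumed browser rules:
  * a CSP frame-ancestors directive, when present, overrides X-Frame-Options;
  * X-Frame-Options counts only as DENY or SAMEORIGIN (ALLOW-FROM is obsolete
    and ignored, which leaves the page frameable);
  * frame-ancestors with '*' or a scheme-only source such as https: is wide open.
"""
import re
import urllib.error
import urllib.request
from typing import List, Optional, Tuple

Headers = List[Tuple[str, str]]  # (name, value) pairs as a WSGI app or urllib returns them


def _values(headers: Headers, name: str) -> List[str]:
    """All values of a header, matched case-insensitively (a header may repeat)."""
    return [v for k, v in headers if k.lower() == name.lower()]


def frame_ancestors_sources(headers: Headers) -> Optional[List[str]]:
    """Source list of the first frame-ancestors directive found, or None if absent."""
    for csp in _values(headers, "content-security-policy"):
        for directive in csp.split(";"):
            tokens = directive.split()
            if tokens and tokens[0].lower() == "frame-ancestors":
                return [t.lower() for t in tokens[1:]]
    return None


def frame_protection(headers: Headers) -> Tuple[bool, str]:
    """Return (protected, reason) for one HTTP response's headers."""
    sources = frame_ancestors_sources(headers)
    if sources is not None:
        if any(s == "*" or s.endswith(":") for s in sources):
            return False, "frame-ancestors allows any embedder: " + " ".join(sources)
        return True, "frame-ancestors " + " ".join(sources)
    xfo = [v.strip().upper() for v in _values(headers, "x-frame-options")]
    if not xfo:
        return False, "no X-Frame-Options and no CSP frame-ancestors: page can be framed"
    if len(set(xfo)) > 1:
        # Browsers differ on conflicting values; flag for review (conservative choice).
        return False, "conflicting X-Frame-Options values: " + ", ".join(xfo)
    if xfo[0] in ("DENY", "SAMEORIGIN"):
        return True, "X-Frame-Options " + xfo[0]
    return False, "X-Frame-Options %r is not honoured by current browsers" % xfo[0]


def harden(headers: Headers, policy: str = "'none'") -> Headers:
    """Return a copy of headers that restricts framing; unchanged if already protected.

    policy is the frame-ancestors source list to enforce: 'none' for an admin
    interface, 'self' if the site legitimately frames its own pages.
    """
    if frame_protection(headers)[0]:
        return list(headers)
    out = [(k, v) for k, v in headers if k.lower() != "x-frame-options"]
    csp_at = [i for i, (k, _) in enumerate(out) if k.lower() == "content-security-policy"]
    if frame_ancestors_sources(out) is not None:
        # A wide-open frame-ancestors exists: rewrite it in place in every policy that has one.
        for i in csp_at:
            k, v = out[i]
            out[i] = (k, re.sub(r"frame-ancestors[^;]*", "frame-ancestors " + policy, v, flags=re.I))
    elif csp_at:
        # Extend the existing policy rather than sending a second CSP header.
        k, v = out[csp_at[0]]
        out[csp_at[0]] = (k, v.rstrip("; ") + "; frame-ancestors " + policy)
    else:
        out.append(("Content-Security-Policy", "frame-ancestors " + policy))
    # Legacy fallback for browsers without CSP frame-ancestors; DENY/SAMEORIGIN mirror 'none'/'self'.
    out.append(("X-Frame-Options", "SAMEORIGIN" if policy == "'self'" else "DENY"))
    return out


def check_url(url: str) -> Tuple[bool, str]:
    """Fetch url (redirects followed by urllib) and classify the final response's headers."""
    try:
        with urllib.request.urlopen(url, timeout=10) as resp:
            return frame_protection(list(resp.headers.items()))
    except urllib.error.HTTPError as err:  # 4xx/5xx responses still carry the headers we care about
        return frame_protection(list(err.headers.items()))


# Constructed sample responses; not captured from a real BoomCMS installation.
SAMPLE_UNPROTECTED: Headers = [("Content-Type", "text/html"), ("Set-Cookie", "session=abc; HttpOnly")]
SAMPLE_OBSOLETE: Headers = [("X-Frame-Options", "ALLOW-FROM https://partner.example")]
SAMPLE_OPEN_CSP: Headers = [("Content-Security-Policy", "default-src 'self'; frame-ancestors *")]
SAMPLE_OK: Headers = [("Content-Security-Policy", "default-src 'self'; frame-ancestors 'self'")]


if __name__ == "__main__":
    import sys
    targets = sys.argv[1:]  # e.g. https://cms.example.test/login (placeholder hostname)
    if targets:
        for url in targets:
            ok, why = check_url(url)
            print(("PROTECTED   " if ok else "UNPROTECTED ") + url + ": " + why)
    else:
        for name, sample in [("unprotected", SAMPLE_UNPROTECTED), ("obsolete", SAMPLE_OBSOLETE),
                             ("open csp", SAMPLE_OPEN_CSP), ("ok", SAMPLE_OK)]:
            print(name, frame_protection(sample), "->", harden(sample))
```

Run it with no arguments to see the constructed samples classified and hardened, or pass the login and admin URLs of an installation to classify live responses. The same check by hand is `curl -sIL <url> | grep -i -e x-frame-options -e content-security-policy`; an empty result means the page can be framed. Choose 'self' over 'none' only if the site really frames its own pages, and apply the headers on every route an authenticated user can reach, not just the front page.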