CVE-2025-41000
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-03

Last updated on: 2025-09-04

Assigner: Spanish National Cybersecurity Institute, S.A. (INCIBE)

Description
Cross-Frame Scripting (XFS) vulnerability in BoomCMS v9.1.4 from UXB London. XFS is a web attack technique that exploits specific browser bugs to spy on users via JavaScript. This type of attack is based on social engineering and depends entirely on the browser chosen by the user, so it is perceived as a minor threat to web application security. This vulnerability only works in older browsers.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-03
Last Modified
2025-09-04
Generated
2026-06-16
AI Q&A
2025-09-03
EPSS Evaluated
2026-06-15
NVD
CVE-2025-41000
EUVD
EUVD-2025-26496
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
uxb_london boomcms 9.1.4
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-1021 The web application does not restrict or incorrectly restricts frame objects or UI layers that belong to another application or domain, which can lead to user confusion about which interface the user is interacting with.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-41000 is a Cross-Frame Scripting (XFS) vulnerability in BoomCMS version 9.1.4. XFS is a web attack technique that exploits specific browser bugs to spy on users via JavaScript by leveraging cross-frame interactions. The attack depends heavily on social engineering and the user's choice of browser, primarily affecting older browsers. It is considered a low-severity vulnerability. [1]

Impact Analysis

This vulnerability can allow attackers to spy on users through JavaScript by exploiting browser bugs, potentially compromising user privacy. However, it is a minor threat to web application security and only works on older browsers. The attack requires social engineering and user interaction to be successful. [1]

Detection Guidance

This vulnerability is a Cross-Frame Scripting (XFS) issue that exploits browser-specific bugs via JavaScript and relies on social engineering. Detection would involve monitoring for suspicious cross-frame JavaScript activity or unusual browser behavior, especially in older browsers. However, no specific detection commands or tools are provided in the available resources. [1]

Mitigation Strategies

Since the vulnerability depends on older browsers and social engineering, immediate mitigation steps include advising users to update to modern browsers that are not affected by this XFS vulnerability and educating users about the risks of social engineering attacks. No patch or direct fix is currently available for BoomCMS v9.1.4. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-41000. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart