CVE-2025-41000 LOW

CVE-2025-41000: Cross-Frame Scripting (XFS) in BoomCMS

Vendor Boomcms
Product BoomCMS
Weakness CWE-1021
Published September 3, 2025
Last update September 3, 2025

CVSS base score

2.1/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

Cross-Frame Scripting (XFS) vulnerability in BoomCMS v9.1.4 from UXB London. XFS is a web attack technique that exploits specific browser bugs to spy on users via JavaScript. This type of attack is based on social engineering and depends entirely on the browser chosen by the user, so it is perceived as a minor threat to web application security. This vulnerability only works in older browsers.

Key dates

02Disclosure timeline

September 3, 2025 CVE published
September 3, 2025 Record updated