Cross-Frame Scripting Vulnerability in BoomCMS by UXB London
CVE-2025-41000

2.1 LOW

Key Information:

Vendor: Boomcms

Status
Vendor
CVE Published: 3 September 2025

What is CVE-2025-41000?

BoomCMS v9.1.4 from UXB London is affected by a Cross-Frame Scripting (XFS) vulnerability. The flaw takes advantage of specific browser vulnerabilities, allowing attackers to execute malicious JavaScript that could spy on users or manipulate content in the targeted web application. The exploit is more effective when users run outdated browser versions, and it can lead to compromise through social engineering tactics that deceive users.

Affected Version(s)

BoomCMS 9.1.4

CVSS V4

Score: 2.1
Severity: LOW
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: Low
Attack Required: Physical
Privileges Required: Undefined
User Interaction: Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Sergio Corchado Lucero