Home > Vulnerability Database > CVE-2025-41000

Mend.io Vulnerability Database

CVE-2025-41000

Good to know:

Date: September 3, 2025

Cross-Frame Scripting (XFS) vulnerability in BoomCMS v9.1.4 from UXB London. XFS is a web attack technique that exploits specific browser bugs to spy on users via JavaScript. This type of attack is based on social engineering and depends entirely on the browser chosen by the user, so it is perceived as a minor threat to web application security. This vulnerability only works in older browsers.

Severity Score

4.3

Related Resources (3)

Url: https://www.incibe.es/en/incibe-cert/notices/aviso/cross-frame-scripting-xfs-boomcms

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-41000

Url: https://www.mend.io/vulnerability-database/CVE-2025-41000

Severity Score

4.3

Weakness Type (CWE)

Improper Restriction of Rendered UI Layers or Frames

CWE-1021

Top Fix

Upgrade Version

Upgrade to version boomcms/boom-core - no_fix

CVSS v3.1

Base Score:	4.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2025-41000

Good to know:

Date: September 3, 2025

Severity Score

Related Resources (3)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?