CVE-2025-0666
📋 TL;DR
This stored cross-site scripting (XSS) vulnerability in BOINC Server allows attackers to inject malicious scripts into web pages that are then executed when viewed by other users. It affects all BOINC Server installations through version 1.4.7. The vulnerability enables attackers to steal session cookies, perform actions as authenticated users, or deface web interfaces.
💻 Affected Systems
- BOINC Server
📦 What is this software?
BOINC Server by University of California
⚠️ Risk & Real-World Impact
Worst Case
Attackers could steal administrator credentials, take over the BOINC server, compromise user accounts, and potentially pivot to other systems in the network.
Likely Case
Attackers inject malicious JavaScript to steal session cookies from authenticated users, enabling account takeover and unauthorized access to the BOINC management interface.
If Mitigated
With proper input validation and output encoding, malicious scripts are neutralized before reaching users, preventing any exploitation.
🎯 Exploit Status
The advisory includes specific vulnerable endpoints and payload examples. Exploitation requires some level of access to input fields, but no authentication bypass is needed for stored XSS in user-accessible areas.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.4.8 or later
Vendor Advisory: https://boinc.berkeley.edu/
Restart Required: Yes
Instructions:
1. Back up the current BOINC Server configuration and data.
2. Download BOINC Server version 1.4.8 or later from the official repository.
3. Stop the BOINC Server service.
4. Install the updated version following platform-specific installation procedures.
5. Restart the BOINC Server service.
6. Verify the update was successful.
🔧 Temporary Workarounds
Input Validation Filter
Implement server-side input validation to sanitize all user inputs before processing
# Requires custom implementation in BOINC Server codebase
# Add input sanitization functions to validate and escape user inputs
Web Application Firewall (WAF)
Deploy a WAF with XSS protection rules to filter malicious payloads
# Configure WAF rules to block XSS patterns
# Example for ModSecurity: SecRule ARGS "<script" "id:1001,phase:2,deny"
🧯 If You Can't Patch
- Disable or restrict access to the BOINC web interface to trusted networks only
- Implement Content Security Policy (CSP) headers to restrict script execution sources
🔍 How to Verify
Check if Vulnerable:
Check BOINC Server version: if version is 1.4.7 or earlier, the system is vulnerable. Test input fields for XSS by attempting to inject basic script payloads.
Check Version:
boinc --version | grep -i version
Verify Fix Applied:
After patching, verify version is 1.4.8 or later. Test previously vulnerable input fields with XSS payloads to confirm they are properly sanitized.
📡 Detection & Monitoring
Log Indicators:
- Unusually long strings in input fields
- Script tags or JavaScript patterns in user submissions
- Multiple failed login attempts followed by script injection
Network Indicators:
- HTTP requests containing script tags or JavaScript in POST parameters
- Unusual traffic patterns to BOINC web interface endpoints
SIEM Query:
source="boinc" AND (http_request="*<script*" OR http_request="*javascript:*" OR http_request="*onload=*" OR http_request="*onerror=*")
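The SIEM query above matches the literal strings `<script`, `javascript:`, `onload=` and `onerror=`, so a payload that arrives percent-encoded (or double-encoded) in a POST body slips past it. The following added example, not part of the advisory or of BOINC, applies the same four indicators to constructed sample log lines (an assumed simplified layout of client, method, path and parameters, not BOINC's own log format) and shows how percent-decoding before matching closes that gap.

```python
import re
from urllib.parse import unquote_plus

# The same four indicators as the SIEM query; case-insensitive because browsers
# treat <SCRIPT> and OnError= exactly like the lowercase forms.
XSS_PATTERNS = re.compile(r"<script|javascript:|onload=|onerror=", re.IGNORECASE)

# Constructed sample log lines (assumed layout: client method path parameters).
# Paths are placeholders, not real BOINC endpoints.
SAMPLE_LOG = """\
10.0.0.5 POST /user_form name=alice
10.0.0.7 POST /user_form name=<script>alert(1)</script>
10.0.0.8 POST /user_form name=%3Cscript%3Ealert%281%29%3C%2Fscript%3E
10.0.0.9 GET /view userid=42
10.0.0.11 POST /user_form url=javascript%3Aalert(1)
10.0.0.12 POST /user_form name=%253Cscript%253E
10.0.0.13 POST /user_form name=<IMG src=x OnError=alert(1)>
"""


def decode_layers(value: str, max_rounds: int = 3) -> str:
    """Percent-decode until the value stops changing (bounded), so that both
    %3Cscript and the double-encoded %253Cscript surface as <script."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def find_xss_indicators(log_text: str, decode: bool = True) -> list[tuple[str, str, str]]:
    """Return (client, path, indicator) for every line whose parameters contain
    one of the XSS indicators. With decode=False the raw text is matched, which
    is what the literal SIEM query does."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split(" ", 3)
        if len(parts) < 4:
            continue
        client, _method, path, params = parts
        haystack = decode_layers(params) if decode else params
        match = XSS_PATTERNS.search(haystack)
        if match:
            hits.append((client, path, match.group(0).lower()))
    return hits


if __name__ == "__main__":
    print("raw match:", len(find_xss_indicators(SAMPLE_LOG, decode=False)))
    print("decoded match:", len(find_xss_indicators(SAMPLE_LOG)))
    for hit in find_xss_indicators(SAMPLE_LOG):
        print(hit)
```

Only two of the five injected lines are caught without decoding; normalize request bodies (or have the SIEM index a decoded copy) before applying the literal patterns.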