CVE-2025-56008 – A cross-site scripting (XSS) vulnerability in K... (How to Fix)

Q: What is the severity of CVE-2025-56008?

CVE-2025-56008 has a CVSS score of 6.1 (MEDIUM). A cross-site scripting (XSS) vulnerability in KeeneticOS allows attackers physically near the router to inject malicious scripts into the 'Wireless ISP' configuration page. This enables them to create new administrative users with full permissions, potentially taking over the device. Only Keenetic routers running vulnerable versions are affected.

📋 TL;DR

A cross-site scripting (XSS) vulnerability in KeeneticOS allows attackers physically near the router to inject malicious scripts into the 'Wireless ISP' configuration page. This enables them to create new administrative users with full permissions, potentially taking over the device. Only Keenetic routers running vulnerable versions are affected.

💻 Affected Systems

Products:

Keenetic routers with KeeneticOS

Versions: All versions before 4.3

Operating Systems: KeeneticOS

Default Config Vulnerable: ⚠️ Yes

Notes: Only affects routers with web interface accessible and 'Wireless ISP' feature enabled

📦 What is this software?

Keeneticos by Keenetic

View all CVEs affecting Keeneticos →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete device takeover by nearby attacker, enabling network traffic interception, malware deployment, and persistent backdoor access.

🟠

Likely Case

Unauthorized administrative user creation leading to device compromise and network surveillance.

🟢

If Mitigated

Limited impact if proper network segmentation and physical security prevent attacker proximity.

🌐 Internet-Facing: LOW (requires physical proximity to router)

🏢 Internal Only: HIGH (attackers on local network or physically nearby can exploit)

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Requires attacker to be within wireless range and trick authenticated user into visiting malicious page

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: KeeneticOS 4.3 or later

Vendor Advisory: https://keenetic.com/global/security#october-2025-web-api-vulnerabilities

Restart Required: No

Instructions:

1. Log into router web interface. 2. Navigate to System > Firmware Update. 3. Check for updates and install KeeneticOS 4.3 or newer. 4. Verify update completes successfully.

🔧 Temporary Workarounds

Disable Wireless ISP feature

all

Temporarily disable the vulnerable 'Wireless ISP' configuration page

Restrict web interface access

all

Limit web admin interface to wired connections only

🧯 If You Can't Patch

Physically secure router location to prevent nearby attackers
Implement network segmentation to isolate router management interface

🔍 How to Verify

Check if Vulnerable:

Check KeeneticOS version in web interface under System > About. If version is below 4.3, device is vulnerable.

Check Version:

No CLI command available. Must check via web interface at System > About.

Verify Fix Applied:

Confirm KeeneticOS version is 4.3 or higher in System > About page.

📡 Detection & Monitoring

Log Indicators:

Unexpected new user account creation
Multiple failed login attempts followed by successful admin login
Unusual configuration changes to Wireless ISP settings

Network Indicators:

Suspicious JavaScript payloads in HTTP requests to router management interface
Unexpected admin user logins from new devices

SIEM Query:

source="router_logs" AND (event="user_created" OR event="config_changed") AND user="admin"

📊 Metadata

CVE ID: CVE-2025-56008

CVSS v3 Score: 6.1 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CWE: CWE-79

EPSS Score: 0.04% exploit probability (12.6th percentile)

Published: October 23, 2025

Last Updated: November 4, 2025

🔗 References

https://keenetic.com/ Product
https://keenetic.com/global/security#october-2025-web-api-vulnerabilities Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-56008, you might also want to check these: