CVE-2025-52289
HIGH EPSS 30.7%
Published Jul 31, 2025 (11mo ago) · Modified Jun 17, 2026 (2w ago)
8.0 CVSS 3.1
Description
A Broken Access Control vulnerability in MagnusBilling v7.8.5.3 allows newly registered users to gain escalated privileges by sending a crafted request to /mbilling/index.php/user/save to set their account status from "pending" to "active" without requiring administrator approval.
CVSS Details
Base Score
Exploitability
Impact
Vector string
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Attack Vector Network
Attack Complexity Low
Privileges Required Low
User Interaction Required
Scope Unchanged
Confidentiality High
Integrity High
Availability High
Threat Intelligence
EPSS Exploit Probability
30.7% percentile
Exploit & Patch Status
No Known Exploit
Patch Available
Weaknesses 2
CWE-269 Improper Privilege Management Authorization
CWE-284
Affected Products 1
| Vendor | Product | Version | Range |
|---|---|---|---|
| magnussolution | magnusbilling | 7.8.5.3 | any |
References 2
- https://github.com/Madhav-Bhardwaj/CVE-2025-52289
- https://github.com/magnussolution/magnusbilling7/commit/f886330e9e9216a3830775610a4a83f970c08e8d
Remediation
- https://github.com/magnussolution/magnusbilling7/commit/f886330e9e9216a3830775610a4a83f970c08e8d