CVE-2025-52289

Published: Jul 31, 2025Modified: Aug 6, 2025

8.0

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Exploitability: 2.1 / Impact: 5.9

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

A Broken Access Control vulnerability in MagnusBilling v7.8.5.3 allows newly registered users to gain escalated privileges by sending a crafted request to /mbilling/index.php/user/save to set their account status fom "pending" to "active" without requiring administrator approval.

Affected (1)

Products: Magnussolution: Magnusbilling

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Magnussolution Magnusbilling	Version 7.8.5.3

Related CWEs

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (2)

https://github.com/Madhav-Bhardwaj/CVE-2025-52289

Source: cve@mitre.org

Third Party Advisory

https://github.com/magnussolution/magnusbilling7/commit/f886330e9e9216a3830775610a4a83f970c08e8d

Source: cve@mitre.org

Patch

Timeline

No history available yet.