CVE Vulnerabilities

CVE-2025-52289

Improper Privilege Management

Published: Jul 31, 2025 | Modified: Aug 06, 2025
CVSS 3.x: N/A | Source: NVD

A Broken Access Control vulnerability in MagnusBilling v7.8.5.3 allows newly registered users to gain escalated privileges by sending a crafted request to /mbilling/index.php/user/save to set their account status from pending to active without requiring administrator approval.

Weakness

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

Affected Software

Name | Vendor | Start Version | End Version
Magnusbilling | Magnussolution | 7.8.5.3 (including) | 7.8.5.3 (including)
