CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2025-52289

A Broken Access Control vulnerability in MagnusBilling v7.8.5.3 allows newly registered users to gain escalated privileges by sending a crafted request to /mbilling/index.php/user/save to set their account status fom "pending" to "active" without requiring administrator approval.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 8.2%

CVSS Severity

CVSS v3 Score 8.0

References

https://github.com/Madhav-Bhardwaj/CVE-2025-52289
https://github.com/magnussolution/magnusbilling7/commit/f886330e9e9216a3830775610a4a83f970c08e8d

Products affected by CVE-2025-52289

Magnussolution » Magnusbilling » Version: 7.8.5.3

cpe:2.3:a:magnussolution:magnusbilling:7.8.5.3

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-52289

Products

Pricing

Contact Us