CVE-2025-52289

Published: Jul 31, 2025

Modified: Jul 31, 2025

PUBLISHED

Description

A Broken Access Control vulnerability in MagnusBilling v7.8.5.3 allows newly registered users to gain escalated privileges by sending a crafted request to /mbilling/index.php/user/save to set their account status fom "pending" to "active" without requiring administrator approval.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/magnussolution/magnusbilling7/commit/f886330e9e9216a3830775610a4a83f970c08e8d

https://github.com/Madhav-Bhardwaj/CVE-2025-52289

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-52289

Description

Affected Products

References