We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2025-52289



Description

A Broken Access Control vulnerability in MagnusBilling v7.8.5.3 allows newly registered users to gain escalated privileges by sending a crafted request to /mbilling/index.php/user/save to set their account status fom "pending" to "active" without requiring administrator approval.

Reserved 2025-06-16 | Published 2025-07-31 | Updated 2025-07-31 | Assigner mitre

References

github.com/...ommit/f886330e9e9216a3830775610a4a83f970c08e8d

github.com/Madhav-Bhardwaj/CVE-2025-52289

cve.org (CVE-2025-52289)

nvd.nist.gov (CVE-2025-52289)

Download JSON

Share this page
https://cve.threatint.eu/CVE/CVE-2025-52289

Support options

Helpdesk Chat, Email, Knowledgebase