High severity8.0NVD Advisory· Published Jul 31, 2025· Updated Jun 17, 2026
CVE-2025-52289
CVE-2025-52289
Description
A Broken Access Control vulnerability in MagnusBilling v7.8.5.3 allows newly registered users to gain escalated privileges by sending a crafted request to /mbilling/index.php/user/save to set their account status fom "pending" to "active" without requiring administrator approval.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3- MagnusBilling/MagnusBillingdescription
- Range: =7.8.5.3
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.