CVE-2025-52289 PoC — MagnusBilling Security Vulnerability

Associated Vulnerability
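Title: MagnusBilling Security Vulnerability (CVE-2025-52289)
Description: MagnusBilling is a fast, secure, efficient, and highly available open-source VoIP billing system from MagnusSolution. MagnusBilling version v7.8.5.3 contains a security vulnerability that stems from improper access control and may lead to privilege escalation.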
Readme
# CVE-2025-52289: Broken Access Control in MagnusBilling < v7.8.5.3

## Description

A **Broken Access Control** vulnerability exists in **MagnusBilling** versions prior to `v7.8.5.3`. Newly registered users can escalate their account status from `pending` to `active` without administrator approval by modifying a request parameter. This allows unauthorized access to system features intended only for verified users.

## Impact

- **Severity:** High  
- **Vulnerability Type:** Privilege Escalation / Broken Access Control  
- **CVE ID:** CVE-2025-52289

## Patch

The issue was fixed in version `v7.8.5.3`.

- 🔗 [Vendor Patch Commit](https://github.com/magnussolution/magnusbilling7/commit/f886330e9e9216a3830775610a4a83f970c08e8d)

## Credits

Discovered by **Madhav Bhardwaj**  
File Snapshot

[4.0K] /data/pocs/f5eb1d35488d0d65de9bd1bfca4d8ee229d87b52
├── [ 695] CVE-2025-52289_PoC.txt
└── [ 808] README.md

0 directories, 2 files