CVE-2025-2610 Scanner - Cross-Site Scripting vulnerability in MagnusBilling
MagnusBilling is a billing software solution developed by MagnusSolution, widely used by telecom companies and service providers for managing customer accounts, billing, and related services. It supports various modules including authentication, alarm management, and logging to help administrators monitor and operate billing functions efficiently. The software is typically deployed on Linux-based servers and accessed via web interfaces by both administrators and authenticated users. MagnusBilling is designed to provide a comprehensive billing solution with real-time updates and operational transparency. Due to its role in sensitive financial and operational data management, the software must maintain high security standards. MagnusBilling continues to be updated by its vendor to address security and functionality improvements.
This vulnerability is a stored Cross-Site Scripting (XSS) flaw found in the Alarm Module of MagnusBilling. It occurs when the software improperly neutralizes user input during web page generation, allowing attackers to inject malicious HTML or JavaScript into pages viewed by other users. The XSS vulnerability requires the attacker to be authenticated but can lead to significant impact by hijacking user sessions or performing unauthorized actions on behalf of users. The vulnerability is specifically linked to components handling alarm data and logs. Stored XSS can persist across multiple user sessions and cause repeated harm if exploited. This issue affects MagnusBilling versions up to and including 7.3.0.
The vulnerability manifests technically in the handling of alarm data submitted via the web interface, particularly in parameters such as 'message' that allow HTML content without proper sanitization. The vulnerable endpoint is `/mbilling/index.php/alarm/save`, which accepts alarm data including user-controlled fields. When malicious scripts are stored and subsequently rendered in the alarm read page `/mbilling/index.php/alarm/read`, the payload executes in the context of authenticated users. The absence of sufficient input validation and output encoding leads to the security flaw. This flaw is associated with the program file `protected/components/MagnusLog.Php`. Exploiting this flaw requires an authenticated user with permission to create or modify alarms.
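As an added example (not from the original page and not MagnusBilling's own code): a defender-side audit that runs over exported alarm rows, flags `message` values that would render as active markup, and shows the HTML-encoded form that output encoding would produce. The row layout (`id`, `message`) and the sample values are constructed assumptions.

```python
import html
from html.parser import HTMLParser


class MarkupFinder(HTMLParser):
    """Collects reasons a stored string would be active if rendered unencoded."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.reasons = []

    def handle_starttag(self, tag, attrs):
        # Any real tag in an alarm message is unexpected for plain-text data.
        self.reasons.append(f"tag:{tag}")
        for name, value in attrs:
            if name.startswith("on"):  # inline event handler attribute
                self.reasons.append(f"event-handler:{name}")
            if value and value.strip().lower().startswith("javascript:"):
                self.reasons.append(f"script-url:{name}")


def audit_message(message):
    """Return the list of reasons the message is suspicious (empty if plain text)."""
    finder = MarkupFinder()
    finder.feed(message)
    finder.close()
    return finder.reasons


def audit_alarms(rows):
    """Return one finding per row whose 'message' contains markup."""
    findings = []
    for row in rows:
        reasons = audit_message(row["message"])
        if reasons:
            findings.append({
                "id": row["id"],
                "reasons": reasons,
                # What the read page should emit instead of the raw value.
                "encoded": html.escape(row["message"], quote=True),
            })
    return findings


# Constructed sample rows (assumed export format, not real MagnusBilling data).
SAMPLE_ALARMS = [
    {"id": 1, "message": "ASR below 40% on trunk A"},
    {"id": 2, "message": '<img src=x onerror="alert(1)">'},
    {"id": 3, "message": "Calls < 10 & ALOC > 30s"},
    {"id": 4, "message": '<a href="javascript:alert(1)">details</a>'},
]
```

Row 3 shows why a real HTML parser is used instead of a search for `<`: comparison operators in legitimate alarm text are not flagged.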
If exploited, this vulnerability can allow attackers to execute arbitrary scripts in users' browsers, potentially stealing cookies, session tokens, or performing actions on behalf of the victim user. This can lead to account takeover, unauthorized data access, or other malicious activities within the MagnusBilling environment. Additionally, it may be used to launch more complex attacks like phishing or spreading malware. The persistent nature of stored XSS makes remediation urgent to protect users and maintain trust. The attack surface includes all users who access the alarm log pages after the payload is stored.