CVE-2025-2610 Scanner

MagnusBilling is a telecommunications platform used by businesses to manage billing and related tasks. The software is designed to integrate various communication protocols and billing solutions under a single platform. MagnusBilling's system is popular among VoIP providers and telecom operators due to its comprehensive features. It supports modules like the Alarm Module, enabling greater flexibility and control for businesses. The platform is particularly valued for its customization capabilities, allowing easy adaptation to specific business needs. Its user-friendly interface is built to simplify the billing process while maintaining accuracy and efficiency.

Cross-Site Scripting (XSS) is a commonly known vulnerability where attackers inject malicious scripts into webpages viewed by other users. This vulnerability can have serious implications, including data theft and account takeover. In the context of MagnusBilling, the vulnerability could be exploited by injecting scripts that execute malicious actions within the user's session. XSS vulnerabilities are particularly potent because they allow attackers to execute scripts within the context of a user's browser session. However, for successful exploitation, attackers often need users to perform specific actions, such as clicking a link. Organizations must identify and mitigate XSS vulnerabilities quickly to prevent abuse.

The vulnerability resides in MagnusBilling's Alarm Module, specifically within the MagnusLog.Php file. Attackers can exploit this by crafting a specific request to the MagnusBilling application. The affected endpoint includes "/mbilling/index.php/alarm/save", where input is improperly sanitized. To exploit this, an attacker injects a script in the 'message' field that is executed as soon as a user views the alarm logs. Successful attacks can execute scripts in users' browsers, leading to potential data exposure and unauthorized actions. However, the attacker needs prior authentication to inject the malicious code effectively.

If this vulnerability is exploited, it could lead to unauthorized actions being performed within the MagnusBilling system. Users may experience unauthorized transactions due to script execution. Sensitive data can be exfiltrated, such as user credentials and financial information. Moreover, the system's integrity could be compromised, affecting its reliability and user trust. Victims might also experience session hijacking, where attackers gain control over their accounts during active sessions. Long-term consequences could include financial losses and reputational damage for affected organizations.

REFERENCES

• https://vulncheck.com/advisories/magnusbilling-logs-xss
• https://chocapikk.com/posts/2025/magnusbilling/
• https://nvd.nist.gov/vuln/detail/CVE-2025-2610