CVE-2025-2609: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in MagnusSolution MagnusBilling
Improper neutralization of input during web page generation vulnerability in MagnusSolution MagnusBilling login logging allows unauthenticated users to store HTML content in the viewable log component accessible at /mbilling/index.php/logUsers/read (cross-site scripting). This vulnerability is associated with program files protected/components/MagnusLog.Php. This issue affects MagnusBilling: through 7.3.0.
AI Analysis
Technical Summary
CVE-2025-2609 identifies a cross-site scripting (XSS) vulnerability classified under CWE-79 in MagnusSolution's MagnusBilling product, affecting versions through 7.3.0. The vulnerability arises from improper neutralization of user-supplied input during web page generation within the login logging functionality. Specifically, unauthenticated users can inject arbitrary HTML content into the logging component accessible at /mbilling/index.php/logUsers/read, which is rendered without adequate sanitization due to flaws in the protected/components/MagnusLog.php file. This allows attackers to execute malicious scripts in the context of the victim's browser when viewing the logs, potentially stealing session tokens, performing actions on behalf of the user, or delivering further payloads. The CVSS 3.1 base score is 8.2 (high), reflecting network attack vector, low attack complexity, no privileges required, but requiring user interaction to trigger the payload. The scope is changed (S:C), indicating that exploitation can affect resources beyond the vulnerable component. Confidentiality impact is high due to possible data theft, integrity impact is low, and availability is unaffected. No patches or exploits are currently publicly available, but the vulnerability is published and should be considered critical for affected deployments. MagnusBilling is commonly used in telecom and billing environments, where log integrity and confidentiality are essential. The vulnerability's exploitation could lead to credential theft or unauthorized access if malicious scripts capture sensitive data or perform session hijacking.
Potential Impact
For European organizations, especially those in telecommunications, billing services, or ISPs using MagnusBilling, this vulnerability poses a significant risk to confidentiality and operational security. Attackers exploiting this XSS flaw could steal session cookies or credentials of administrators or users who access the vulnerable log interface, potentially leading to unauthorized access or data breaches. Given that the vulnerability requires no authentication, any external attacker can attempt exploitation, increasing exposure. The integrity of billing logs could be undermined if attackers inject misleading or malicious content, complicating forensic analysis or compliance efforts. Although availability is not directly impacted, the resulting unauthorized access or data leakage could cause reputational damage, regulatory penalties under GDPR, and financial losses. The absence of known exploits in the wild provides a window for proactive mitigation, but the high CVSS score and ease of exploitation necessitate urgent attention. Organizations relying on MagnusBilling should assess their exposure and implement compensating controls immediately.
Mitigation Recommendations
1. Apply official patches or updates from MagnusSolution as soon as they become available to address the input sanitization flaw in MagnusLog.php.
2. Until patches are released, restrict access to the /mbilling/index.php/logUsers/read endpoint to trusted administrators only, using network segmentation, VPNs, or IP whitelisting.
3. Implement web application firewall (WAF) rules to detect and block suspicious input patterns indicative of XSS payloads targeting the logging interface.
4. Sanitize and encode all user-supplied input before rendering in logs, employing context-aware output encoding techniques.
5. Enable Content Security Policy (CSP) headers to limit the execution of unauthorized scripts in the browser.
6. Monitor logs for unusual entries or injection attempts and conduct regular security audits of the MagnusBilling environment.
7. Educate administrators to avoid clicking suspicious links or viewing logs from untrusted sources.
8. Consider deploying endpoint protection that can detect anomalous browser behavior indicative of XSS exploitation.
9. Review and harden authentication and session management controls to limit the impact of potential session hijacking.
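The pattern behind recommendations 4 and 6, as an added example that is not MagnusBilling's own code: each log row is rendered with HTML-context output encoding, and stored login entries are scanned for markup so injection attempts surface in monitoring. The SAMPLE_LOG entries, field names and function names are constructed for this illustration.

```python
import html
import re

# Constructed sample login-log entries (not real MagnusBilling data). The "user"
# field is stored exactly as the client submitted it, which is the root of the flaw.
SAMPLE_LOG = [
    {"ts": "2025-11-22T04:07:10Z", "ip": "203.0.113.7", "user": "alice"},
    {"ts": "2025-11-22T04:07:12Z", "ip": "203.0.113.9", "user": "<script>alert(1)</script>"},
    {"ts": "2025-11-22T04:07:15Z", "ip": "203.0.113.9", "user": 'bob" onmouseover="alert(2)'},
]

# Markup, quotes, or event-handler text: none of these belong in a username.
_MARKUP = re.compile(r"[<>\"']|javascript:|on\w+\s*=", re.IGNORECASE)


def render_row_vulnerable(entry: dict) -> str:
    """Log row as the CWE-79 pattern emits it: raw stored input placed into HTML."""
    return f"<tr><td>{entry['ts']}</td><td>{entry['ip']}</td><td>{entry['user']}</td></tr>"


def render_row_safe(entry: dict) -> str:
    """Same row with output encoding applied to every stored field at render time.

    html.escape(..., quote=True) encodes & < > " and ', so the value is inert both
    as element content and inside a quoted attribute.
    """
    cells = (html.escape(str(entry[k]), quote=True) for k in ("ts", "ip", "user"))
    return "<tr>" + "".join(f"<td>{c}</td>" for c in cells) + "</tr>"


def is_suspicious(user: str) -> bool:
    """True when a submitted username carries markup, quotes or handler-like text."""
    return _MARKUP.search(user) is not None


def flag_injection_attempts(entries: list) -> list:
    """Entries whose username looks like an injection attempt (recommendation 6)."""
    return [e for e in entries if is_suspicious(e["user"])]


if __name__ == "__main__":
    for e in SAMPLE_LOG:
        print(render_row_safe(e))
    for e in flag_injection_attempts(SAMPLE_LOG):
        print("suspicious login attempt from", e["ip"], "->", repr(e["user"]))
```

Encoding happens where the value meets HTML, not where it is logged, so the stored record keeps the attacker's exact input for forensics while the log viewer stays inert.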
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Poland, Sweden
Technical Details
- Data Version: 5.2
- Assigner Short Name: VulnCheck
- Date Reserved: 2025-03-21T14:47:10.303Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 692136eec842cd8eff5f2704
Added to database: 11/22/2025, 4:07:10 AM
Last enriched: 11/22/2025, 4:07:42 AM
Last updated: 11/22/2025, 10:18:03 AM