CVE-2025-2610 is a stored cross-site scripting (XSS) vulnerability classified under CWE-79, found in MagnusSolution's MagnusBilling product, specifically in the Alarm Module's protected/components/MagnusLog.php file. The vulnerability stems from improper neutralization of input during web page generation, allowing authenticated users to inject malicious scripts that are stored and later executed in the browsers of other users viewing the affected pages. This flaw affects all versions through 7.3.0 of MagnusBilling. The CVSS 3.1 base score is 7.6, reflecting a high severity due to the network attack vector, low attack complexity, requirement for privileges (authenticated user), and user interaction. The scope is changed, indicating that the vulnerability can affect resources beyond the initially vulnerable component. The impact on confidentiality is high, as attackers can steal session cookies or other sensitive data, while integrity impact is low and availability is unaffected. No known exploits are currently reported in the wild, and no official patches have been published yet. This vulnerability poses a significant risk in environments where MagnusBilling is deployed, especially in billing and alarm management contexts where sensitive data is processed. Attackers exploiting this vulnerability could perform session hijacking, conduct phishing attacks, or escalate privileges by leveraging the stored malicious scripts. The requirement for authentication and user interaction somewhat limits exploitation but does not eliminate the threat, particularly in multi-user environments. Organizations should monitor logs for suspicious input patterns and restrict user permissions to minimize risk.

For European organizations using MagnusBilling, this vulnerability can lead to unauthorized disclosure of sensitive information such as session tokens, user credentials, and billing data, compromising confidentiality. Attackers could hijack user sessions, impersonate legitimate users, or conduct phishing attacks within the trusted application context. This could result in financial fraud, data breaches, and reputational damage. Since MagnusBilling is often used in telecom and billing environments, exploitation could disrupt billing accuracy and customer trust. The requirement for authenticated access limits exposure to internal or semi-trusted users, but insider threats or compromised accounts could still exploit the flaw. The lack of an available patch increases the window of exposure, necessitating immediate mitigations. Additionally, the cross-site scripting vulnerability could be chained with other attacks to escalate privileges or move laterally within networks. The impact on integrity is lower but still present due to potential manipulation of displayed data. Availability is not directly affected, but indirect effects such as incident response efforts could cause operational disruptions.

1. Implement strict input validation and output encoding for all user-supplied data in the Alarm Module, especially in the protected/components/MagnusLog.php file, to neutralize malicious scripts. 2. Apply Content Security Policy (CSP) headers to restrict the execution of unauthorized scripts within the MagnusBilling web interface. 3. Limit user privileges to the minimum necessary, reducing the number of users who can input data into vulnerable components. 4. Monitor application logs and web traffic for unusual input patterns or script injections indicative of exploitation attempts. 5. Educate users about the risks of clicking on suspicious links or interacting with unexpected content within the application. 6. Isolate the MagnusBilling environment from critical network segments to contain potential breaches. 7. Engage with MagnusSolution for timely updates and patches, and plan for rapid deployment once available. 8. Consider deploying web application firewalls (WAFs) with custom rules to detect and block XSS payloads targeting MagnusBilling. 9. Conduct regular security assessments and penetration testing focusing on web application vulnerabilities. 10. Implement multi-factor authentication to reduce the risk of compromised credentials enabling exploitation.