
CVE-2025-58616: CWE-862 Missing Authorization in Frisbii Frisbii Pay

Medium
Tags: Vulnerability, CVE-2025-58616, CWE-862
Published: Wed Sep 03 2025 (09/03/2025, 14:36:48 UTC)
Source: CVE Database V5
Vendor/Project: Frisbii
Product: Frisbii Pay

Description

Missing Authorization vulnerability in Frisbii Frisbii Pay allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Frisbii Pay: from n/a through 1.8.2.1.

AI-Powered Analysis

AI analysis last updated: 09/03/2025, 15:08:41 UTC

Technical Analysis

CVE-2025-58616 is a Missing Authorization vulnerability (CWE-862) identified in the Frisbii Pay product by Frisbii, affecting versions up to 1.8.2.1. This vulnerability arises from incorrectly configured access control security levels, allowing an attacker with some level of privileges (PR:L - low privileges) to exploit the system remotely (AV:N - network attack vector) without requiring user interaction (UI:N). The vulnerability does not impact confidentiality or integrity but results in a complete loss of availability (A:H), indicating that an attacker can disrupt the service or cause denial of service conditions. The CVSS 3.1 base score is 6.5, categorized as medium severity. The lack of proper authorization checks means that certain operations or resources within Frisbii Pay can be accessed or manipulated by unauthorized users who have some authenticated access, potentially leading to service outages or disruptions. No patches or known exploits in the wild have been reported as of the publication date (September 3, 2025). The vulnerability is significant because Frisbii Pay is a payment processing system, and availability disruptions can severely impact business operations and customer trust.

Potential Impact

For European organizations using Frisbii Pay, this vulnerability poses a risk primarily to service availability. Disruptions in payment processing can lead to financial losses, operational downtime, and reputational damage. In sectors such as retail, e-commerce, and financial services where Frisbii Pay might be integrated, availability issues can halt transactions, affecting revenue streams and customer satisfaction. Additionally, regulatory compliance under frameworks like GDPR may be indirectly impacted if service outages affect customer data processing or contractual obligations. The medium severity rating reflects that while confidentiality and integrity are not compromised, the availability impact can be significant, especially for organizations relying heavily on continuous payment processing. Given the network-exploitable nature and low privilege requirements, attackers could leverage this vulnerability to cause denial of service attacks remotely, potentially targeting multiple organizations simultaneously.

Mitigation Recommendations

To mitigate this vulnerability, European organizations should:

1) Immediately review and audit access control configurations within Frisbii Pay to ensure proper authorization checks are enforced for all sensitive operations.
2) Implement network-level protections such as firewalls and intrusion detection/prevention systems to monitor and restrict unauthorized access attempts to Frisbii Pay endpoints.
3) Employ strict role-based access control (RBAC) policies limiting user privileges to the minimum necessary, reducing the risk of low-privilege accounts being exploited.
4) Monitor system logs and alerts for unusual access patterns or service disruptions indicative of exploitation attempts.
5) Engage with Frisbii for any forthcoming patches or updates addressing this vulnerability and plan timely deployment.
6) Consider deploying redundancy and failover mechanisms in payment processing infrastructure to maintain availability in case of an attack.
7) Conduct regular penetration testing focusing on authorization controls to proactively identify and remediate weaknesses.

Technical Details

Data Version
5.1
Assigner Short Name
Patchstack
Date Reserved
2025-09-03T09:02:47.357Z
Cvss Version
3.1
State
PUBLISHED

Threat ID: 68b85517ad5a09ad00f71e7c

Added to database: 9/3/2025, 2:47:51 PM

Last enriched: 9/3/2025, 3:08:41 PM

Last updated: 9/4/2025, 6:00:27 PM
