Cyber Resilience

CVE-2025-2610

HighPublic PoC

Published: 21 March 2025

Published
21 March 2025
Modified
01 April 2025
KEV Added
Patch
CVSS Score v3.1 7.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N
EPSS Score 0.0158 82.0th percentile
Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-2610 is a high-severity Cross-site Scripting (CWE-79) vulnerability in Magnussolution Magnusbilling. Its CVSS base score is 7.6 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Browser Session Hijacking (T1185); ranked in the top 18.0% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-15 (Information Output Filtering).

Deeper analysis

CVE-2025-2610 is an improper neutralization of input during web page generation flaw, classified as CWE-79 stored cross-site scripting, that affects the Alarm Module in MagnusSolution MagnusBilling through version 7.3.0. The issue is tied to the program file protected/components/MagnusLog.Php and carries a CVSS 3.1 score of 7.6.

An authenticated attacker with network access can supply crafted input that is stored and later rendered for other users, resulting in script execution with changed scope, high confidentiality impact, and limited integrity effects.

Public references point to a fix in the MagnusBilling repository commit f0f083c76157e31149ae58342342fb1bf1629e22 along with analysis from VulnCheck and Chocapikk that describe the vulnerability and remediation steps. The associated EPSS score remains low with only a modest peak of 0.0229.

EU & UK References

Vulnerability details

Improper neutralization of input during web page generation vulnerability in MagnusSolution MagnusBilling (Alarm Module modules) allows authenticated stored cross-site scripting. This vulnerability is associated with program files protected/components/MagnusLog.Php. This issue affects MagnusBilling: through 7.3.0.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1185 Browser Session Hijacking Collection
Adversaries may take advantage of security vulnerabilities and inherent functionality in browser software to change content, modify user-behaviors, and intercept information as part of various browser session hijacking techniques.
T1539 Steal Web Session Cookie Credential Access
An adversary may steal web application or service session cookies and use them to gain access to web applications or Internet services as an authenticated user without needing credentials.
Why these techniques?

Stored XSS in web app enables browser session hijacking and stealing web session cookies via injected scripts executed on victim page views.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-2609Same product: Magnussolution Magnusbilling
CVE-2026-32277Shared CWE-79
CVE-2026-35035Shared CWE-79
CVE-2026-46367Shared CWE-79
CVE-2025-25102Shared CWE-79
CVE-2025-26918Shared CWE-79
CVE-2025-67923Shared CWE-79
CVE-2026-27655Shared CWE-79
CVE-2026-30919Shared CWE-79
CVE-2025-23883Shared CWE-79

Affected Assets

magnussolution
magnusbilling
≤ 7.3.0

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Implements input validation mechanisms to neutralize malicious payloads injected into the Alarm Module's MagnusLog.Php, directly preventing the stored XSS vulnerability.

prevent

Filters information output during web page generation to block execution of injected scripts, comprehensively mitigating the improper neutralization leading to XSS.

prevent

Requires timely identification, reporting, and correction of the specific flaw in MagnusLog.Php via patching, eliminating the root cause of the CVE.

References