FOSSBilling is a billing and client management system that automates invoicing, payments, and communication for online service businesses. Versions 0.6.21 through 0.7.2 are vulnerable to IDOR through the support ticket creation workflow. By manipulating rel_id when rel_type=order, an authenticated client can create a support ticket that references another client's order they do not own. The ticketCreateForClient() method accepted rel_id without verifying order ownership for non-upgrade tasks, allowing clients to link a new ticket to another client's order by crafting the request. No cron task automatically processes cancel/upgrade requests from ticket relations; staff action is required. This affects integrity and confidentiality: staff could be misled into acting on the wrong order (e.g., cancellation or upgrade requests). While there is no client-to-client order data exposure, order IDs may appear in ticket context. This issue has been fixed in version 0.8.0.
CVE-2025-64105
This medium-severity CVE scores 5.1 under a secondary CVSS source (NVD's own analysis pending). EPSS exploit probability: 0.3%, top 82% of all CVEs by exploit prediction. GitHub Security Advisory data not yet ingested — confidence will rise once GHSA publishes (typical lag: hours to days for open-source ecosystem CVEs; never for infrastructure-only CVEs).
- Lower severity and no public exploit yet
No vendor fix yet — apply a workaround or compensating control (WAF / firewall / segmentation) and watch for a patch.
- CVSS v3
- 5.1
- EG Score
- 5.1(medium)
- EPSS
- 18.0%
- KEV
- Not listed
Published
June 23, 2026
Last Modified
June 25, 2026
Advisory Details (2)
Auto-updated Jun 25, 2026Support ticket order relation IDOR allows cross‑client order references · Advisory · FOSSBilling/FOSSBilling · GitHub
https://github.com/FOSSBilling/FOSSBilling/security/advisories/GHSA-rcr8-p92p-98870.8.0
Patch available: FOSSBilling/FOSSBilling 0.8.0
https://github.com/FOSSBilling/FOSSBilling/releases/tag/0.8.0Weakness Classification(1)
MITRE Common Weakness Enumeration — the root-cause categories this CVE belongs to.
Data Freshness Timeline
(refreshed 16× in last 7d / 45× in last 30d)
Each row is a source pipeline that fetched or updated this CVE on that date, with what changed. For example, "NVD update" means NVD published or revised its analysis for this CVE; "MITRE cvelistV5" means we ingested or refreshed it from the CNA feed. Most recent first.
- 2026-07-12 14:58 UTCEG score recompute
- 2026-07-12 05:46 UTCEPSS rescore
- 2026-07-11 13:25 UTCEG score recompute
- 2026-07-11 08:27 UTCEPSS rescore
- 2026-07-10 11:51 UTCEG score recompute
- 2026-07-09 19:09 UTCEPSS rescore
- 2026-07-09 10:04 UTCEG score recompute
- 2026-07-08 15:15 UTCEPSS rescore
- 2026-07-08 08:30 UTCEG score recompute
- 2026-07-07 13:46 UTCEPSS rescore
- 2026-07-07 06:56 UTCEG score recompute
- 2026-07-06 16:27 UTCEPSS rescore
- 2026-07-06 16:27 UTCEPSS rescore
- 2026-07-06 05:20 UTCEG score recompute
- 2026-07-06 02:23 UTCEPSS rescore
- 2026-07-06 02:23 UTCEPSS rescore
- 2026-07-05 03:45 UTCEG score recompute
- 2026-07-05 02:30 UTCEPSS rescore
- 2026-07-05 02:30 UTCEPSS rescore
- 2026-07-04 06:31 UTCEPSS rescore
- 2026-07-04 06:30 UTCEPSS rescore
- 2026-07-04 02:08 UTCEG score recompute
- 2026-07-03 00:31 UTCEG score recompute
- 2026-07-01 22:58 UTCEG score recompute
- 2026-07-01 15:06 UTCEPSS rescore
Show 20 moreShow fewer
- 2026-07-01 15:06 UTCEPSS rescore
- 2026-06-30 23:22 UTCEPSS rescore
- 2026-06-30 21:25 UTCEG score recompute
- 2026-06-29 19:51 UTCEG score recompute
- 2026-06-29 14:06 UTCEPSS rescore
- 2026-06-29 14:06 UTCEPSS rescore
- 2026-06-28 18:17 UTCEG score recompute
- 2026-06-28 14:07 UTCEPSS rescore
- 2026-06-28 14:07 UTCEPSS rescore
- 2026-06-28 04:56 UTCEPSS rescore
- 2026-06-28 04:55 UTCEPSS rescore
- 2026-06-27 16:43 UTCEG score recompute
- 2026-06-27 03:08 UTCEPSS rescore
- 2026-06-26 15:10 UTCEG score recompute
- 2026-06-25 13:49 UTCEPSS rescore
- 2026-06-25 13:36 UTCEG score recompute
- 2026-06-24 14:04 UTCEPSS rescore
- 2026-06-24 14:04 UTCEPSS rescore
- 2026-06-24 12:02 UTCEG score recompute
- 2026-06-24 12:01 UTCNVD updatefirst tracked
Related CVEs(same CWE)
Same CWE
10 shownCWE-639
- CVE-2018-25270EG 9.8CRITICAL
- CVE-2017-20223EG 9.8CRITICAL
- CVE-2019-25487EG 9.8EPSS 94%CRITICAL
- CVE-2019-25235EG 9.8CRITICAL
- CVE-2020-16088EG 9.8CRITICAL
- CVE-2019-15310EG 9.8EPSS 94%CRITICAL
- CVE-2020-11658EG 9.8CRITICAL
- CVE-2019-15913EG 9.8CRITICAL
- CVE-2019-16340EG 9.8EPSS 97%CRITICAL
- CVE-2019-13360EG 9.8EPSS 98%CRITICAL
Frequently asked(5)
What is CVE-2025-64105?
When was CVE-2025-64105 disclosed?
Is CVE-2025-64105 actively exploited?
What is the CVSS score of CVE-2025-64105?
How do I remediate CVE-2025-64105?
Dependency Blast Radius
Explore the affected products and dependency analysis for CVE-2025-64105
Is Your Infrastructure Affected by CVE-2025-64105?
EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.