CVE-2025-64105
Insecure Direct Object Reference in FOSSBilling Support Ticket System

Publication date: 2026-06-23

Last updated on: 2026-06-23

Assigner: GitHub, Inc.

Description
FOSSBilling is a billing and client management system that automates invoicing, payments, and communication for online service businesses. Versions 0.6.21 through 0.7.2 are vulnerable to IDOR through the support ticket creation workflow. By manipulating rel_id when rel_type=order, an authenticated client can create a support ticket that references another client's order they do not own. The ticketCreateForClient() method accepted rel_id without verifying order ownership for non-upgrade tasks, allowing clients to link a new ticket to another client's order by crafting the request. No cron task automatically processes cancel/upgrade requests from ticket relations; staff action is required. This affects integrity and confidentiality: staff could be misled into acting on the wrong order (e.g., cancellation or upgrade requests). While there is no client-to-client order data exposure, order IDs may appear in ticket context. This issue has been fixed in version 0.8.0.
Affected Vendors & Products (2 associated CPEs)
Vendor       Product       Version / Range
fossbilling  fossbilling   From 0.6.21 (inclusive) to 0.7.2 (inclusive)
fossbilling  fossbilling   0.8.0
CWE
CWE-639: The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.
Executive Summary

This vulnerability affects FOSSBilling versions 0.6.21 through 0.7.2 and is an Insecure Direct Object Reference (IDOR) issue in the support ticket creation workflow.

An authenticated client can manipulate the 'rel_id' parameter when 'rel_type=order' to create a support ticket that references another client's order, which they do not own.

The method ticketCreateForClient() accepted the rel_id without verifying ownership of the order for non-upgrade tasks, allowing clients to link new tickets to other clients' orders by crafting the request.

Although no direct client-to-client order data exposure occurs, order IDs may appear in the ticket context, potentially misleading staff into acting on the wrong order.

This issue was fixed in version 0.8.0.

Impact Analysis

This vulnerability impacts the integrity and confidentiality of order management within FOSSBilling.

Staff could be misled into acting on incorrect orders, such as processing cancellation or upgrade requests for orders they should not be handling.

While clients cannot directly access other clients' order data, the presence of order IDs in ticket contexts could cause confusion or incorrect administrative actions.

Mitigation Strategies

To mitigate this vulnerability, upgrade FOSSBilling to version 0.8.0 or later, where the issue has been fixed.

Additionally, ensure that staff carefully verify support tickets related to order cancellations or upgrades, as no automatic processing occurs and staff action is required.
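The following Python is an added illustration of the two points above: the Description's missing-ownership-check shape (CWE-639) beside a hardened version that resolves rel_id server-side and requires the order to belong to the calling client for every rel_task, not only upgrades; and, for the staff review this section recommends, an audit helper that flags existing tickets whose linked order is owned by a different client. It is not FOSSBilling code and does not use its API: the Order and Ticket models, the function names, and the sample data are all constructed for this example.

```python
"""Illustrative ownership check for a rel_type=order / rel_id ticket link.

Added example: this is NOT FOSSBilling code and does not use its API. The
models, function names and sample records below are constructed.
"""
from dataclasses import dataclass
from itertools import count
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Order:
    id: int
    client_id: int  # the client who owns this order


@dataclass
class Ticket:
    id: int
    client_id: int            # the client who opened the ticket
    subject: str
    rel_type: Optional[str] = None   # e.g. "order"
    rel_id: Optional[int] = None     # id of the related object
    rel_task: Optional[str] = None   # e.g. "cancel" or "upgrade"


class AuthorizationError(Exception):
    """A client referenced an object it does not own."""


# Constructed sample data: two clients, each owning exactly one order.
ORDERS: Dict[int, Order] = {
    101: Order(id=101, client_id=1),
    202: Order(id=202, client_id=2),
}
_TICKET_IDS = count(1)


def client_may_link_order(client_id: int, rel_id: Optional[int],
                          orders: Dict[int, Order] = ORDERS) -> bool:
    """True only if the order exists AND belongs to client_id.
    A missing order and a foreign order are deliberately indistinguishable,
    so the caller cannot probe which ids exist."""
    order = orders.get(rel_id)
    return order is not None and order.client_id == client_id


def create_ticket_vulnerable(client_id: int, subject: str,
                             rel_type: Optional[str] = None,
                             rel_id: Optional[int] = None,
                             rel_task: Optional[str] = None) -> Ticket:
    """Hypothetical 'before' shape (CWE-639): rel_id is stored exactly as the
    client supplied it, so client 1 can attach a ticket to order 202, which is
    owned by client 2, and staff later see that order id in the ticket."""
    return Ticket(next(_TICKET_IDS), client_id, subject, rel_type, rel_id, rel_task)


def create_ticket_checked(client_id: int, subject: str,
                          rel_type: Optional[str] = None,
                          rel_id: Optional[int] = None,
                          rel_task: Optional[str] = None,
                          orders: Dict[int, Order] = ORDERS) -> Ticket:
    """Hardened shape: whenever the relation is an order, verify ownership
    server-side before persisting, regardless of rel_task."""
    if rel_type == "order" and not client_may_link_order(client_id, rel_id, orders):
        raise AuthorizationError("order not found for this client")
    return Ticket(next(_TICKET_IDS), client_id, subject, rel_type, rel_id, rel_task)


def find_cross_client_links(tickets: List[Ticket],
                            orders: Dict[int, Order] = ORDERS) -> List[int]:
    """Audit helper for data created before the fix: return the ids of tickets
    whose rel_type is 'order' but whose order is missing or owned by another
    client. Staff can review these before acting on a cancel/upgrade request."""
    return [
        t.id for t in tickets
        if t.rel_type == "order" and not client_may_link_order(t.client_id, t.rel_id, orders)
    ]


if __name__ == "__main__":
    # Demonstration on the constructed data.
    bad = create_ticket_vulnerable(1, "Please cancel", "order", 202, "cancel")
    print("vulnerable path stored foreign order:", bad.rel_id)
    try:
        create_ticket_checked(1, "Please cancel", "order", 202, "cancel")
    except AuthorizationError as exc:
        print("hardened path refused:", exc)
    print("flagged tickets:", find_cross_client_links([bad]))
```

The ownership predicate is shared between the create path and the audit path so the two cannot drift apart, and it treats a non-existent order the same as a foreign one, which keeps the error message from confirming which order ids exist.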

Compliance Impact

The vulnerability affects the integrity and confidentiality of order-related information within the FOSSBilling system by allowing an authenticated client to create support tickets linked to orders they do not own. This could mislead staff into acting on incorrect orders, potentially impacting the accuracy and confidentiality of client data.

However, there is no direct exposure of client-to-client order data, and order IDs only appear in ticket context. The description does not explicitly mention impacts on compliance with standards such as GDPR or HIPAA.

Therefore, while the vulnerability could indirectly affect compliance by compromising data integrity and confidentiality, no specific compliance implications are detailed.
