CVE-2025-55211

CVSS v2.0

9.0

Vector

AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions FreePBX versions 17.0.19.11 through 17.0.20

Description FreePBX is a web-based graphical user interface. Authenticated users of the Administrator Control Panel (ACP) can execute arbitrary shell commands by manipulating the framework module's language settings. This allows malicious actors to potentially compromise the system.

Recommendations Update to version 17.0.21 or later.

Fix

OS Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-78

Related Identifiers

BDU:2025-16261

CVE-2025-55211

GHSA-XG83-M6Q5-Q24H

Affected Products

Freepbx

CVE-2025-55211

Weakness Enumeration

Related Identifiers

Affected Products

References · 6