PT-2025-35106 · FreePBX · FreePBX

Author: Matthewljensen · Published: 2025-08-28 · Updated: 2025-12-15 · CVE-2025-57819

CVSS v4.0: 10
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
Vulnerable software and affected versions: FreePBX versions 15 through 17

Description: FreePBX is vulnerable because user-supplied data is insufficiently sanitized, allowing unauthenticated access to the FreePBX Administrator interface. This can lead to arbitrary database manipulation and remote code execution (RCE). Exploitation of this vulnerability, identified as CVE-2025-57819, has been observed in the wild since August 21, 2025. Approximately 6620 unpatched instances were identified on August 29, 2025, with at least 386 systems already compromised. The vulnerability stems from an authentication bypass and SQL injection flaw within the "endpoint" module. Attackers can achieve system-level privileges without valid credentials. Attackers exploiting this vulnerability have been observed installing a PAM backdoor.

Recommendations: Update to FreePBX version 15.0.66 or later, 16.0.89 or later, or 17.0.3 or later, according to the release line in use.
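As an added example (not part of this advisory record), a small Python triage helper that compares reported FreePBX version strings against the fix versions listed above. The version strings it processes are constructed samples, and parsing the first dotted number out of each string is an assumption about how the version is reported.

```python
import re

# Fix versions named in the advisory, keyed by major release line.
# Releases of lines 15, 16 and 17 below these are treated as affected;
# other major versions are outside the advisory's scope.
FIXED_VERSIONS = {15: (15, 0, 66), 16: (16, 0, 89), 17: (17, 0, 3)}

_NUMERIC = re.compile(r"(\d+(?:\.\d+)*)")


def parse_version(text):
    """Return (major, minor, patch) from the first dotted number in text.
    Extra components and trailing tags such as '-1' are ignored; missing
    components default to 0. Raises ValueError if no number is present."""
    m = _NUMERIC.search(text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    parts = [int(p) for p in m.group(1).split(".")][:3]
    parts += [0] * (3 - len(parts))
    return tuple(parts)


def fixed_version_for(version):
    """Fix version for this release line, or None if the line is not
    one of those listed as affected (15, 16, 17)."""
    return FIXED_VERSIONS.get(parse_version(version)[0])


def is_affected(version):
    """True when the version is on an affected line and older than that
    line's fix version."""
    parsed = parse_version(version)
    fixed = FIXED_VERSIONS.get(parsed[0])
    return fixed is not None and parsed < fixed


def triage(versions):
    """Map each reported version to 'affected', 'patched' or 'out of scope'."""
    result = {}
    for v in versions:
        if fixed_version_for(v) is None:
            result[v] = "out of scope"
        else:
            result[v] = "affected" if is_affected(v) else "patched"
    return result


if __name__ == "__main__":
    # Constructed sample inventory of version strings, not real hosts.
    for ver, status in triage(["15.0.65", "16.0.88.2", "17.0.3", "14.0.13"]).items():
        print(f"FreePBX {ver}: {status}")
```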

Tags: Exploit · Fix · RCE · SQL injection · Authentication Bypass Using an Alternate Path or Channel

Weakness Enumeration

Related Identifiers: BDU:2025-10524 · CVE-2025-57819 · GHSA-M42G-XG4C-5F3H

Affected Products: FreePBX