PT-2025-35106 · Freepbx · Freepbx

Matthewljensen · Published 2025-08-28 · Updated 2025-10-28 · CVE-2025-57819

CVSS v4.0: 10.0
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
Name of the Vulnerable Software and Affected Versions: FreePBX versions 15 through 17 prior to 15.0.66, 16.0.89, and 17.0.3 respectively (the first fixed release on each branch).
Description: FreePBX insufficiently sanitizes user-supplied data, which lets an unauthenticated attacker reach the FreePBX Administrator interface and from there perform arbitrary database manipulation and remote code execution. The root cause is an authentication bypass combined with a SQL injection flaw in the "endpoint" module: certain module .php files can be requested directly without logging in. The vulnerability is actively exploited in the wild; as of August 29, 2025, over 6,620 unpatched instances and at least 386 compromised systems had been reported. Attackers have used it to gain access to FreePBX servers and deploy web shells and a PAM backdoor.
Recommendations: Update FreePBX 15 to version 15.0.66, FreePBX 16 to version 16.0.89, or FreePBX 17 to version 17.0.3 (or later). Because the flaw is being exploited in the wild and exploitation leaves web shells and a PAM backdoor behind, updating does not remove an existing compromise: systems that were reachable while unpatched should be checked for those artifacts before being trusted again.
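The affected-version and recommendation fields above give one concrete check a practitioner can automate: compare each deployed FreePBX version against the first fixed release on its branch. The following is an added example, not code from the advisory or from the FreePBX project. The fixed versions are taken from the advisory text; the accepted version-string format (dot-separated integers with an optional trailing suffix such as "-1") and the sample version list in `triage` are assumptions for illustration.

```python
"""Check FreePBX version strings against the fixed releases in this advisory.

Added example, not from the advisory or the FreePBX project. FIXED_VERSIONS
comes from the advisory; the version-string format handled by parse_version
(dot-separated integers, optional non-numeric suffix) is an assumption.
"""
import re
from typing import Dict, Iterable, List, Optional, Tuple

# First patched release per supported major branch, per the advisory.
FIXED_VERSIONS: Dict[int, Tuple[int, ...]] = {
    15: (15, 0, 66),
    16: (16, 0, 89),
    17: (17, 0, 3),
}


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn '16.0.40.7' or '17.0.2-1' into a tuple of integers.

    Any trailing non-numeric material (package revision, 'beta', ...) is
    dropped, so a pre-release build is judged only by its numeric part.
    Raises ValueError for strings that do not start with a dotted number.
    """
    m = re.match(r"\s*(\d+(?:\.\d+)*)", version)
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    return tuple(int(part) for part in m.group(1).split("."))


def is_vulnerable(version: str) -> Optional[bool]:
    """Return True if the version is below the fixed release for its branch,
    False if it is at or above it, and None if the major branch is not one
    the advisory covers (for example 14 or older), which needs manual review.
    """
    parsed = parse_version(version)
    fixed = FIXED_VERSIONS.get(parsed[0])
    if fixed is None:
        return None
    # Tuple comparison is lexicographic: (16, 0, 40, 7) < (16, 0, 89) is True,
    # (16, 0, 89) < (16, 0, 89) is False, and a short string such as '16.0'
    # sorts below the fixed release and is therefore treated as unpatched.
    return parsed < fixed


def triage(versions: Iterable[str]) -> Dict[str, List[str]]:
    """Bucket a fleet's version strings into vulnerable / patched / unknown."""
    report: Dict[str, List[str]] = {"vulnerable": [], "patched": [], "unknown": []}
    for v in versions:
        state = is_vulnerable(v)
        if state is None:
            report["unknown"].append(v)
        elif state:
            report["vulnerable"].append(v)
        else:
            report["patched"].append(v)
    return report


if __name__ == "__main__":
    # Constructed sample inventory; not real hosts.
    sample = ["16.0.40.7", "17.0.2-1", "17.0.3", "15.0.66", "14.0.13"]
    for bucket, items in triage(sample).items():
        print(f"{bucket:10s} {', '.join(items) or '-'}")
```

A host reported as "patched" by this check has only closed the vulnerable version window; it says nothing about whether the host was compromised while exposed, which is why the recommendation above pairs the update with a check for web shells and the PAM backdoor.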

Exploit

Fix

RCE

Authentication Bypass Using an Alternate Path or Channel

SQL injection

Weakness Enumeration

Related Identifiers

BDU:2025-10524
CVE-2025-57819
GHSA-M42G-XG4C-5F3H

Affected Products

Freepbx