PT-2025-35106 · FreePBX · FreePBX

Matthewljensen · Published 2025-08-28 · Updated 2025-11-29 · CVE-2025-57819

CVSS v4.0: 10.0
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
Name of the Vulnerable Software and Affected Versions
FreePBX 15.0.0 through 15.0.65
FreePBX 16.0.0 through 16.0.88
FreePBX 17.0.0 through 17.0.2
Description
FreePBX is vulnerable to an authentication bypass caused by insufficiently sanitized user-supplied data. The root cause is an input-validation flaw in the endpoint module that enables SQL injection; because the module's .php files are reachable without authentication, the injection can be triggered by an unauthenticated attacker. The result is unauthenticated access to the FreePBX Administrator interface, arbitrary database manipulation and remote code execution (RCE). Exploitation has been observed in the wild: as of August 29, 2025, over 6620 unpatched instances had been detected and at least 386 systems compromised. Attackers have been seen deploying a modular.php web shell for RCE and installing a PAM backdoor.
Recommendations
Update to FreePBX 15.0.66 or later.
Update to FreePBX 16.0.89 or later.
Update to FreePBX 17.0.3 or later.
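As an added example (not part of this advisory and not code from the FreePBX project), the following Python checks an installed FreePBX version string against the affected ranges and fixed releases listed above, and scans a caller-supplied web root for the modular.php file name mentioned in the description. The web-root path and the file names in the constructed sample tree are assumptions; only the version ranges, the fixed releases and the modular.php name come from the advisory.

```python
#!/usr/bin/env python3
"""Added example for CVE-2025-57819 (not code from the advisory or from FreePBX).

Two checks a responder would want:
  1. assess(): is a given FreePBX version inside the affected ranges the advisory lists?
  2. find_modular_php(): does a web root contain a file named modular.php, the
     web-shell name the advisory reports?  (The web-root path is an assumption.)
"""
import os
import re
import sys
import tempfile

# (first affected, last affected, first fixed) per branch, as stated in the advisory.
AFFECTED_RANGES = {
    15: ((15, 0, 0), (15, 0, 65), "15.0.66"),
    16: ((16, 0, 0), (16, 0, 88), "16.0.89"),
    17: ((17, 0, 0), (17, 0, 2), "17.0.3"),
}


def parse_version(text):
    """'16.0.88' -> (16, 0, 88); short strings are padded with zeros ('16.0' -> (16, 0, 0))."""
    m = re.match(r"\s*(\d+(?:\.\d+)*)", text)
    if not m:
        raise ValueError(f"not a version string: {text!r}")
    parts = tuple(int(p) for p in m.group(1).split("."))
    return parts + (0,) * max(0, 3 - len(parts))


def assess(version_text):
    """Return (vulnerable, first_fixed_version_or_None) for a FreePBX version string.

    Only the first three components are compared, so a hypothetical 15.0.65.1 is
    treated as vulnerable (conservative).  Branches the advisory does not list
    (e.g. 14.x) return (False, None): no claim either way.
    """
    major, minor, patch = parse_version(version_text)[:3]
    entry = AFFECTED_RANGES.get(major)
    if entry is None:
        return False, None
    first, last, fixed = entry
    if first <= (major, minor, patch) <= last:
        return True, fixed
    return False, None


def find_modular_php(web_root):
    """Walk web_root and return every path whose file name is modular.php."""
    hits = []
    for dirpath, _dirnames, filenames in os.walk(web_root):
        for name in filenames:
            if name.lower() == "modular.php":
                hits.append(os.path.join(dirpath, name))
    return sorted(hits)


def demo_scan():
    """Build a constructed sample tree (names are made up) and scan it.

    Returns web-root-relative hits with '/' separators, e.g. ['admin/modular.php'].
    """
    sample = (
        "admin/index.php",                   # constructed benign file
        "admin/modules/endpoint/index.php",  # hypothetical module file
        "admin/modular.php",                 # constructed indicator
    )
    with tempfile.TemporaryDirectory() as root:
        for rel in sample:
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w", encoding="utf-8") as fh:
                fh.write("<?php // constructed sample file\n")
        return [os.path.relpath(p, root).replace(os.sep, "/") for p in find_modular_php(root)]


def main(argv):
    if len(argv) < 2:
        print(f"usage: {argv[0]} <freepbx-version> [web-root]", file=sys.stderr)
        return 2
    vulnerable, fixed = assess(argv[1])
    if vulnerable:
        print(f"{argv[1]}: AFFECTED by CVE-2025-57819; update to {fixed} or later")
    else:
        print(f"{argv[1]}: not in the advisory's affected ranges")
    if len(argv) > 2:
        hits = find_modular_php(argv[2])
        print(("modular.php found at: " + ", ".join(hits)) if hits else "no modular.php found")
    return 1 if vulnerable else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it as `python3 check_freepbx.py 16.0.88 /var/www/html` (the script name and the web-root path are assumptions). Two caveats a responder should keep in mind: a file-name match is a weak indicator, so its absence does not prove the host is clean; and, since the advisory reports in-the-wild exploitation, upgrading to a fixed release closes the bug but does not remove a web shell or PAM backdoor that was installed before the upgrade.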

Tags: Exploit · Fix · RCE

Weakness Enumeration
Authentication Bypass Using an Alternate Path or Channel
SQL injection

Related Identifiers

BDU:2025-10524
CVE-2025-57819
GHSA-M42G-XG4C-5F3H

Affected Products
FreePBX