PT-2025-35106 · Freepbx · Freepbx
Matthewljensen
·
Published
2025-08-28
·
Updated
2026-03-15
·
CVE-2025-57819
CVSS v4.0
10
Critical
| AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H |
Name of the Vulnerable Software and Affected Versions
FreePBX 15.x before 15.0.66, 16.x before 16.0.89, and 17.x before 17.0.3
Description
FreePBX is vulnerable to an authentication bypass caused by insufficient sanitization of user-supplied data that reaches the database (SQL injection). An unauthenticated attacker can reach the FreePBX Administrator interface, manipulate the database arbitrarily and escalate to remote code execution (RCE) on the PBX host without holding any valid credentials. The /api/v1/login endpoint has been reported as potentially affected, but the root cause is the improper handling of request input that is passed to the database rather than any single endpoint.

Exploitation in the wild has been observed since August 21, 2025. As of August 29, 2025, over 6620 unpatched instances were exposed and at least 386 compromised systems had been reported. Attackers have been observed dropping web shells (notably a file named "modular.php") for persistent access and, in some cases, installing further backdoors such as a PAM-based backdoor.
Recommendations
Update to FreePBX version 15.0.66 or later.
Update to FreePBX version 16.0.89 or later.
Update to FreePBX version 17.0.3 or later.
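The following triage helper is an added example, not code from the advisory or from the FreePBX project. It turns the version ranges in the Recommendations above into a vulnerable/patched decision and sweeps a web root for the "modular.php" web-shell filename reported in the campaign. The version string and the web root are supplied by the caller; the directory layout used in the demo is constructed for illustration only and is not a claim about where the shell was actually found on compromised hosts.

```python
"""Added triage helper for CVE-2025-57819 (FreePBX auth bypass / SQLi -> RCE).

Not part of the advisory or of FreePBX. Decides whether an installed FreePBX
version predates the fix for its branch and sweeps a web root for the
"modular.php" web-shell name reported in the wild.
"""
import os
import re
import tempfile

# Minimum fixed release per supported branch, taken from the Recommendations.
FIXED_VERSIONS = {
    15: (15, 0, 66),
    16: (16, 0, 89),
    17: (17, 0, 3),
}

# Web-shell filename reported in the in-the-wild campaign.
IOC_FILENAMES = {"modular.php"}


def parse_version(text):
    """Parse 'major.minor.patch' (any trailing suffix ignored) into an int tuple."""
    m = re.match(r"^\s*(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"unrecognised FreePBX version: {text!r}")
    return tuple(int(x) for x in m.groups())


def is_vulnerable(version_text):
    """True if the version predates the fix for its branch, False if patched,
    None if the branch is not covered by the advisory (for example 14.x)."""
    major, minor, patch = parse_version(version_text)
    fixed = FIXED_VERSIONS.get(major)
    if fixed is None:
        return None
    return (major, minor, patch) < fixed


def find_webshell_candidates(webroot):
    """Walk the web root and return paths whose basename matches a known IOC."""
    hits = []
    for dirpath, _dirs, files in os.walk(webroot):
        for name in files:
            if name in IOC_FILENAMES:
                hits.append(os.path.join(dirpath, name))
    return sorted(hits)


def triage(version_text, webroot):
    """Combine the version check and the IOC sweep into one verdict dict."""
    vuln = is_vulnerable(version_text)
    shells = find_webshell_candidates(webroot)
    return {
        "version": version_text,
        "vulnerable_version": vuln,
        "webshell_candidates": shells,
        # A web shell on disk means the box is compromised regardless of version.
        "needs_incident_response": bool(shells),
        "needs_patch": vuln is True,
    }


def demo():
    """Constructed sample: a throwaway web root with a planted modular.php.
    The 'admin/modules' subdirectory is an assumption for the demo only."""
    root = tempfile.mkdtemp(prefix="freepbx-demo-")
    os.makedirs(os.path.join(root, "admin", "modules"))
    with open(os.path.join(root, "admin", "modules", "modular.php"), "w") as f:
        f.write("<?php /* planted IOC for the demo */ ?>\n")
    with open(os.path.join(root, "index.php"), "w") as f:
        f.write("<?php /* benign file */ ?>\n")
    return triage("16.0.88", root)


if __name__ == "__main__":
    print(demo())
```

Run it against a real host with `triage(open("/etc/freepbx_version").read(), "/var/www/html")` or whatever version source and web root apply to your deployment (both are assumptions, not paths the advisory states). Note that a patched version with a shell on disk still needs incident response: patching closes the entry point but does not remove persistence.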
Exploit
Fix
RCE
SQL injection
Authentication Bypass Using an Alternate Path or Channel
Related Identifiers
Affected Products
Freepbx