PT-2025-37764 · Freepbx · Freepbx
Pwniverse · Published 2025-09-15 · Updated 2025-10-17 · CVE-2025-59056
CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
FreePBX versions 15.0.0 through 15.0.37
FreePBX versions 16.0.0 through 16.0.40
FreePBX versions 17.0.0 through 17.0.20
Description
FreePBX is a web-based graphical user interface. Malicious connections to the Administrator Control Panel web interface can trigger the uninstall function for certain modules. This function removes the module’s database tables, which store the module’s configuration.
Recommendations
Update FreePBX to version 15.0.38 or later.
Update FreePBX to version 16.0.41 or later.
Update FreePBX to version 17.0.21 or later.
Path traversal
Affected Products
Freepbx