PT-2025-42181 · Unknown · FreePBX Endpoint Manager
Published: 2025-10-14 · Updated: 2025-10-14
CVE-2025-59051
CVSS v4.0: 8.6 (High)
Vector: AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions
FreePBX Endpoint Manager versions prior to 16.0.92
FreePBX Endpoint Manager versions prior to 17.0.6
Description
The software includes a Network Scanning feature that provides web-based access to nmap functionality for network device discovery. Insufficiently sanitized user-supplied input allows authenticated OS command execution as the asterisk user. Authentication with a known username is required. The vulnerable feature is accessible through the Endpoint Manager module.
Recommendations
Update to FreePBX Endpoint Manager version 16.0.92 or later.
Update to FreePBX Endpoint Manager version 17.0.6 or later.
Fix
OS Command Injection
Weakness Enumeration
Related Identifiers
Affected Products
FreePBX Endpoint Manager