PT-2025-51351 · Asterisk, FreePBX

Thattotallyrealmyth · Published 2025-12-16 · Updated 2025-12-21

CVE-2025-67722 · CVSS v3.1 7.8 High · Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: FreePBX versions prior to 16.0.45; FreePBX versions prior to 17.0.24
Description: FreePBX is a web-based graphical user interface for managing Asterisk. A local privilege escalation exists in the deprecated FreePBX startup script amportal in versions prior to 16.0.45 and 17.0.24. amportal runs as root and searches /etc/asterisk/ directories for the freepbx engine file; those directories are typically writable by the asterisk user and by members of the asterisk group. A local attacker who is a member of the asterisk group can therefore place a malicious freepbx engine file in /etc/asterisk/, and it is executed with root privileges the next time amportal runs. This is an untrusted search path: a privileged script executes whatever it finds first in a location that unprivileged users control. Shell access as an asterisk-group member is not the only way to write there: Asterisk dial plan applications and functions such as System() and FILE() run as the asterisk user and can manipulate the file system, so an unsafe custom dial plan that exposes them is another route to dropping the file.
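The weakness class, as an added example that is not amportal's code and does not reproduce its actual lookup: a root-run search that takes the first match from a list of directories (the vulnerable pattern) next to one that refuses any candidate whose file or directory is not owned by the trusted user or is writable by anyone else. The engine file name, the directory layout and the fixture are constructed for the demo; run unprivileged, the demo treats the current user as the trusted owner where a real script would insist on root.

```shell
#!/bin/sh
# Added example, not amportal's code: the untrusted-search-path pattern behind
# this advisory and the trust check a root-run script should apply before
# executing anything found in a directory other users can write to.
# ENGINE_NAME, the directory layout and the fixture below are hypothetical.

ENGINE_NAME="${ENGINE_NAME:-engine-file}"   # hypothetical file name
TRUSTED_OWNER="${TRUSTED_OWNER:-root}"      # owner a privileged script should insist on

# POSIX-portable stat replacements: ls -ld prints "drwxrwxr-x 2 owner group ...".
mode_string() { ls -ld "$1" | cut -c1-10; }
owner_of()    { ls -ld "$1" | awk '{ print $3 }'; }

# True when the group (char 6) or other (char 9) write bit is set.
writable_by_others() {
    case "$(mode_string "$1")" in
        ?????w*|????????w?) return 0 ;;
    esac
    return 1
}

# Vulnerable pattern: the first directory holding the file wins, with no check
# on who owns it or who can write to it. Searching a shared directory such as
# /etc/asterisk/ lets anyone in the asterisk group plant the file.
find_engine_unsafe() {
    for d in "$@"; do
        [ -f "$d/$ENGINE_NAME" ] && { echo "$d/$ENGINE_NAME"; return 0; }
    done
    return 1
}

# Hardened pattern: a candidate is accepted only when the file AND its
# directory are owned by TRUSTED_OWNER and writable by nobody else. The
# directory check matters because a 0644 file in a group-writable directory
# can still be renamed away and replaced.
trusted_path() {
    [ "$(owner_of "$1")" = "$TRUSTED_OWNER" ] || return 1
    writable_by_others "$1" && return 1
    return 0
}
find_engine_safe() {
    for d in "$@"; do
        f="$d/$ENGINE_NAME"
        [ -f "$f" ] || continue
        if trusted_path "$d" && trusted_path "$f"; then
            echo "$f"; return 0
        fi
    done
    return 1
}

# Constructed fixture: bin/ is the trusted location (0755); conf/ mimics a
# group-writable /etc/asterisk/ (0775) where an attacker has dropped a file.
make_fixture() {
    fx=$(mktemp -d)
    mkdir "$fx/bin" "$fx/conf"
    chmod 755 "$fx/bin"; chmod 775 "$fx/conf"
    printf '#!/bin/sh\necho legitimate engine\n' > "$fx/bin/$ENGINE_NAME"
    printf '#!/bin/sh\necho planted by an asterisk-group member\n' > "$fx/conf/$ENGINE_NAME"
    chmod 755 "$fx/bin/$ENGINE_NAME"; chmod 775 "$fx/conf/$ENGINE_NAME"
    echo "$fx"
}

# Demo, run unprivileged: the current user stands in for root as trusted owner.
TRUSTED_OWNER=$(id -un)
fx=$(make_fixture)
echo "unsafe lookup picks: $(find_engine_unsafe "$fx/conf" "$fx/bin")"   # conf/ wins
echo "safe lookup picks:   $(find_engine_safe "$fx/conf" "$fx/bin")"     # bin/ wins
rm -rf "$fx"
```

The unsafe lookup returns the planted file because the shared directory is searched first; the safe lookup skips it twice over (the directory is group-writable, and so is the file) and settles on the trusted copy. With TRUSTED_OWNER set to a user who owns neither file, the safe lookup finds nothing and fails closed, which is the behaviour a privileged script wants.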
Recommendations:
- FreePBX 16 installations prior to 16.0.45 should be updated to 16.0.45 or later; FreePBX 17 installations prior to 17.0.24 should be updated to 17.0.24 or later.
- Confirm that only trusted local OS users are members of the asterisk group, since membership grants write access to /etc/asterisk/.
- Look for suspicious files in /etc/asterisk/, via Admin -> Config Edit in the GUI or from the command line.
- Check that live_dangerously = no is set in the [options] section of /etc/asterisk/asterisk.conf, or that the option is left unset (the default is no).
- Eliminate any unsafe custom use of Asterisk dial plan applications and functions that can manipulate the file system, such as System() and FILE().
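The checks in the recommendations, as an added audit script that is not FreePBX's own code: it lists asterisk-group members, flags files in the configuration directory that are not .conf files or carry an execute bit (a heuristic chosen here, not FreePBX's definition of suspicious), reads the effective live_dangerously value and greps the dial plan for System() and FILE() outside ';' comments. Paths default to a live host's /etc/group and /etc/asterisk/; the demo at the bottom runs against a constructed fixture whose group entries, config lines and engine-file name are made up.

```shell
#!/bin/sh
# Added example, not FreePBX code: the post-update checks from the
# recommendations, written as functions that take paths so they run against
# a real host (defaults) or the constructed fixture at the bottom.

# 1. Who can write to /etc/asterisk/: members of the asterisk group. Users whose
#    primary group is asterisk are listed in /etc/passwd, not here.
asterisk_group_members() {   # $1 = group file, default /etc/group
    awk -F: '$1 == "asterisk" { print $4 }' "${1:-/etc/group}" | tr ',' '\n' | sed '/^$/d'
}

# 2. Heuristic for "suspicious": anything in the directory that is not a .conf
#    file, or that has an execute bit set (a .conf file never needs one).
suspicious_conf_files() {   # $1 = directory, default /etc/asterisk
    d="${1:-/etc/asterisk}"
    for f in "$d"/* "$d"/.*; do
        [ -f "$f" ] || continue
        case "$f" in
            *.conf) [ -x "$f" ] && echo "$f" ;;
            *)      echo "$f" ;;
        esac
    done
    return 0
}

# 3. Effective live_dangerously value from asterisk.conf; unset means "no".
#    Accepts "key = value" and "key => value", ignores ';' comments.
live_dangerously_setting() {   # $1 = asterisk.conf, default /etc/asterisk/asterisk.conf
    v=$(sed -n 's/^[[:space:]]*live_dangerously[[:space:]]*=>\{0,1\}[[:space:]]*\([A-Za-z0-9]*\).*/\1/p' \
            "${1:-/etc/asterisk/asterisk.conf}" 2>/dev/null | tail -n 1 | tr 'A-Z' 'a-z')
    echo "${v:-no}"
}

# 4. Dial plan lines that invoke System() or FILE() outside of ';' comments.
#    Both run as the asterisk user and can write into /etc/asterisk/.
dangerous_dialplan_uses() {   # $@ = dialplan files, default /etc/asterisk/extensions*.conf
    [ $# -gt 0 ] || set -- /etc/asterisk/extensions*.conf
    # /dev/null forces grep to prefix every hit with its file name.
    grep -n -i -E '(^|[^A-Za-z_])(System|FILE)\(' "$@" /dev/null 2>/dev/null \
        | grep -v -E '^[^:]*:[0-9]+:[[:space:]]*;'
}

# Constructed fixture: two group members, a live_dangerously override, one
# commented and two live uses of the primitives, and a planted executable.
make_audit_fixture() {
    fx=$(mktemp -d)
    mkdir "$fx/asterisk"
    printf 'root:x:0:\nasterisk:x:995:alice,mallory\nwheel:x:10:alice\n' > "$fx/group"
    printf '[options]\n;live_dangerously = no\nlive_dangerously = yes\n' > "$fx/asterisk/asterisk.conf"
    printf '%s\n' '[from-internal-custom]' \
        '; exten => s,1,System(echo commented out)' \
        'exten => s,1,System(/usr/local/bin/notify.sh ${CALLERID(num)})' \
        'exten => s,n,Set(FILE(/etc/asterisk/engine-file)=${PAYLOAD})' \
        'exten => s,n,Hangup()' > "$fx/asterisk/extensions_custom.conf"
    printf '#!/bin/sh\necho planted\n' > "$fx/asterisk/engine-file"
    chmod 755 "$fx/asterisk/engine-file"
    echo "$fx"
}

# Demo against the fixture; call the functions with no arguments on a live host.
fx=$(make_audit_fixture)
echo "asterisk group members:"; asterisk_group_members "$fx/group"
echo "suspicious files:"; suspicious_conf_files "$fx/asterisk"
echo "live_dangerously = $(live_dangerously_setting "$fx/asterisk/asterisk.conf")"
echo "dial plan file-system primitives:"; dangerous_dialplan_uses "$fx/asterisk/extensions_custom.conf"
rm -rf "$fx"
```

On the fixture the script reports alice and mallory as group members, flags only engine-file (the two .conf files are not executable), reads live_dangerously as yes because the uncommented line wins over the commented one, and lists the two live System()/FILE() lines while dropping the commented example. On a real FreePBX host, every file the second check prints deserves a look at its owner, mode and contents before amportal is run again.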

Tags: Exploit · Fix · LPE

Weakness Enumeration: Untrusted Search Path

Related Identifiers: CVE-2025-67722, GHSA-P42W-V77M-HFP8

Affected Products: Asterisk, FreePBX