FreePBX is an open-source web-based graphical user interface. FreePBX 15, 16, and 17 endpoints are vulnerable due to insufficiently sanitized user-supplied data allowing unauthenticated access to FreePBX Administrator leading to arbitrary database manipulation and remote code execution. This issue has been patched in endpoint versions 15.0.66, 16.0.89, and 17.0.3.
History

Mon, 01 Sep 2025 09:15:00 +0000

Type Values Removed Values Added
First Time appeared Freepbx
Freepbx freepbx
Vendors & Products Freepbx
Freepbx freepbx

Fri, 29 Aug 2025 17:30:00 +0000

Type Values Removed Values Added
Metrics kev

{'dateAdded': '2025-08-29T00:00:00+00:00', 'dueDate': '2025-09-19T00:00:00+00:00'}


Fri, 29 Aug 2025 13:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'active', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Thu, 28 Aug 2025 18:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Thu, 28 Aug 2025 17:00:00 +0000

Type Values Removed Values Added
Description FreePBX is an open-source web-based graphical user interface. FreePBX 15, 16, and 17 endpoints are vulnerable due to insufficiently sanitized user-supplied data allowing unauthenticated access to FreePBX Administrator leading to arbitrary database manipulation and remote code execution. This issue has been patched in endpoint versions 15.0.66, 16.0.89, and 17.0.3.
Title FreePBX Affected by Authentication Bypass Leading to SQL Injection and RCE
Weaknesses CWE-288
CWE-89
References
Metrics cvssV4_0

{'score': 10, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H'}


cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2025-08-29T22:20:23.714Z

Reserved: 2025-08-20T14:30:35.011Z

Link: CVE-2025-57819

cve-icon Vulnrichment

Updated: 2025-08-28T17:15:33.652Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2025-08-28T17:15:36.790

Modified: 2025-08-30T01:00:02.000

Link: CVE-2025-57819

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2025-09-01T09:05:12Z