Known Exploited Vulnerability
10.0
CRITICAL CVSS 4.0
CVE-2025-57819
Sangoma FreePBX Authentication Bypass Vulnerability - [Actively Exploited]
Description

FreePBX is an open-source web-based graphical user interface. FreePBX 15, 16, and 17 endpoints are vulnerable due to insufficiently sanitized user-supplied data allowing unauthenticated access to FreePBX Administrator leading to arbitrary database manipulation and remote code execution. This issue has been patched in endpoint versions 15.0.66, 16.0.89, and 17.0.3.

INFO

Published Date: Aug. 28, 2025, 5:15 p.m.

Last Modified: Sept. 12, 2025, 1:59 p.m.

Remotely Exploitable: Yes
CISA Notification
CISA KEV (Known Exploited Vulnerabilities)

For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild.

Description:

Sangoma FreePBX contains an authentication bypass vulnerability: insufficiently sanitized user-supplied data allows unauthenticated access to FreePBX Administrator, leading to arbitrary database manipulation and remote code execution.

Date Added: 2025-08-29

Due Date: 2025-09-19

Required Action:

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Notes:

https://github.com/FreePBX/security-reporting/security/advisories/GHSA-m42g-xg4c-5f3h ; https://nvd.nist.gov/vuln/detail/CVE-2025-57819

Affected Products

The following products are affected by CVE-2025-57819. Exact affected version ranges are not shown in this table; the CPE configuration recorded by NVD (see the change history below) lists them per FreePBX series.

ID  Vendor   Product
1   Sangoma  freepbx
CVSS Scores
The Common Vulnerability Scoring System (CVSS) is a standardized framework for assessing the severity of vulnerabilities in software and systems. We collect and display CVSS scores from various sources for each CVE.

Score  Version   Severity  Vector                                                  Source
9.8    CVSS 3.1  CRITICAL  AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H                     [email protected]
10.0   CVSS 4.0  CRITICAL  AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H  [email protected]
Solution
Update FreePBX endpoints to patched versions to prevent unauthorized access and code execution.
  • Update FreePBX endpoint to version 15.0.66.
  • Update FreePBX endpoint to version 16.0.89.
  • Update FreePBX endpoint to version 17.0.3.
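The version check a practitioner would run against a fleet, written as an added example (not code from Sangoma, the FreePBX project or cvefeed.io). The affected ranges are taken from the NVD CPE configuration on this page: each of the 15.x, 16.x and 17.x series is affected from X.0 up to, but excluding, the patched endpoint version listed above. How you collect the installed endpoint module version is left to you (the `fwconsole ma list` output format is not parsed here); the hostnames and versions in the sample inventory are constructed.

```python
"""Affected-version check for CVE-2025-57819.

Added example, not code from Sangoma, FreePBX or cvefeed.io.  Ranges follow
the NVD CPE configuration: 15.0 <= v < 15.0.66, 16.0 <= v < 16.0.89,
17.0 <= v < 17.0.3.
"""

from typing import Dict, Optional, Tuple

# Patched endpoint module version per FreePBX series (from the advisory text).
FIXED_VERSIONS = {
    15: "15.0.66",
    16: "16.0.89",
    17: "17.0.3",
}


def parse_version(version: str) -> Tuple[int, ...]:
    """'16.0.88.12' -> (16, 0, 88, 12).  Non-numeric input (a 'v' prefix,
    a typo) raises instead of silently comparing as 'not affected'."""
    parts = version.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError("unrecognised version string: %r" % version)
    return tuple(int(p) for p in parts)


def version_lt(a: Tuple[int, ...], b: Tuple[int, ...]) -> bool:
    """Lexicographic compare after zero-padding, so 16.0.89 == 16.0.89.0
    and 16.0.88.12 < 16.0.89."""
    width = max(len(a), len(b))

    def pad(t: Tuple[int, ...]) -> Tuple[int, ...]:
        return t + (0,) * (width - len(t))

    return pad(a) < pad(b)


def is_affected(endpoint_version: str) -> Optional[bool]:
    """True  -> inside an affected range (update required)
    False -> at or above the patched version for its series
    None  -> series not covered by this advisory (e.g. 14.x); absence from
             the CPE list is not a clean bill, decide that case separately."""
    v = parse_version(endpoint_version)
    major = v[0]
    if major not in FIXED_VERSIONS:
        return None
    fixed = parse_version(FIXED_VERSIONS[major])
    series_start = (major, 0)  # "versions from (including) X.0"
    return not version_lt(v, series_start) and version_lt(v, fixed)


def triage(inventory: Dict[str, str]) -> Dict[str, str]:
    """hostname -> verdict for a dict of hostname -> reported endpoint version.
    Unparseable versions are reported rather than skipped."""
    labels = {True: "AFFECTED - update", False: "patched", None: "not covered by advisory"}
    verdicts = {}
    for host, ver in inventory.items():
        try:
            verdicts[host] = labels[is_affected(ver)]
        except ValueError as exc:
            verdicts[host] = "unparseable: %s" % exc
    return verdicts


if __name__ == "__main__":
    # Constructed sample inventory; not real hosts.
    sample = {
        "pbx-a": "16.0.88.12",
        "pbx-b": "17.0.3",
        "pbx-c": "15.0.65",
        "pbx-d": "14.0.13",
        "pbx-e": "v16.0.90",
    }
    for host, verdict in triage(sample).items():
        print("%-6s %s" % (host, verdict))
```

The None verdict is deliberate: a series the advisory does not list (such as 14.x) is not thereby safe, it is simply outside what NVD recorded, and should be handled under your end-of-life policy rather than reported as patched.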
Public PoC/Exploit Available at Github

CVE-2025-57819 has 14 public PoC/exploit repositories on GitHub. Go to the Public Exploits tab to see the list.

References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2025-57819.

URL  Resource
https://community.freepbx.org/t/security-advisory-please-lock-down-your-administrator-access/107203  Issue Tracking, Vendor Advisory
https://github.com/FreePBX/security-reporting/security/advisories/GHSA-m42g-xg4c-5f3h  Mitigation, Vendor Advisory
https://github.com/watchtowrlabs/watchTowr-vs-FreePBX-CVE-2025-57819  Exploit, Third Party Advisory
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2025-57819 is associated with the following CWEs:

  • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
  • CWE-288: Authentication Bypass Using an Alternate Path or Channel

Public Exploits

We scan GitHub repositories to detect new proof-of-concept exploits. The following list is a collection of public exploits and proof-of-concepts published on GitHub (sorted by most recently updated).

Safe, read-only SQL Injection checker for FreePBX (CVE-2025-57819), using error/boolean/time-based techniques with per-parameter verdicts and JSON reporting.

asterisk checker cve-2025-57819 detector freepbx pentest poc security sql-injection voip

Python

Updated: 4 days, 3 hours ago
0 stars 0 fork 0 watcher
Born at : Sept. 14, 2025, 2:26 p.m. This repo has been linked 1 different CVEs too.

FreePBX versions 15, 16, and 17 contain a Remote Code Execution (RCE) vulnerability caused by insufficient sanitization of user-supplied data in endpoints.

bug-bounty cve-2025-57819 hacking remote-code-execution-rce sqlinjection

Updated: 6 days, 1 hour ago
0 stars 0 fork 0 watcher
Born at : Sept. 12, 2025, 5:53 p.m. This repo has been linked 1 different CVEs too.

(no description)

Python

Updated: 1 week, 1 day ago
1 stars 1 fork 1 watcher
Born at : Sept. 8, 2025, 3:28 p.m. This repo has been linked 1 different CVEs too.

CVE-2025-57819

Python

Updated: 1 week, 3 days ago
0 stars 0 fork 0 watcher
Born at : Sept. 8, 2025, 1:12 p.m. This repo has been linked 1 different CVEs too.

FreePBX CVE-2025-57819 lab (Docker) + Nuclei POC for unauth SQLi (time-based).

freepbx lab nuclei pentest rce security sql-injection cve-2025-57819

Makefile Shell

Updated: 2 weeks ago
1 stars 0 fork 0 watcher
Born at : Sept. 4, 2025, 3:21 a.m. This repo has been linked 1 different CVEs too.

A write up of CVE-2025-57819, a vulnerability affecting FreePBX 15, 16, and 17

Updated: 2 weeks, 2 days ago
1 stars 0 fork 0 watcher
Born at : Sept. 2, 2025, 12:31 a.m. This repo has been linked 1 different CVEs too.

FreePBX SQL Injection Exploit

Python

Updated: 2 weeks, 1 day ago
2 stars 2 fork 2 watcher
Born at : Sept. 1, 2025, 4:29 p.m. This repo has been linked 1 different CVEs too.

This repository contains a script to check for the current IOCs listed in the FreePBX forum topic for CVE-2025-57819.

Shell

Updated: 2 weeks, 6 days ago
0 stars 0 fork 0 watcher
Born at : Aug. 29, 2025, 11:59 a.m. This repo has been linked 2 different CVEs too.

Detection for CVE-2025-57819

vulnerability zero-day

Updated: 2 weeks, 2 days ago
1 stars 0 fork 0 watcher
Born at : Aug. 28, 2025, 10:15 a.m. This repo has been linked 1 different CVEs too.

Monitoring the latest cybersecurity-related repositories on GitHub...

cve cybersecurity github spider

Shell Python Nix

Updated: 4 days, 19 hours ago
25 stars 4 fork 4 watcher
Born at : May 9, 2025, 2:29 p.m. This repo has been linked 28 different CVEs too.

(no description)

Python

Updated: 4 days, 21 hours ago
1 stars 0 fork 0 watcher
Born at : Oct. 29, 2024, 8:10 p.m. This repo has been linked 11 different CVEs too.

CISA Bot is a GitHub bot that automatically monitors the Cybersecurity and Infrastructure Security Agency (CISA) Known Exploited Vulnerabilities (KEV) Catalog. When new vulnerabilities are published in the KEV, the bot creates GitHub issues in this repository with detailed information about each vulnerability.

Python

Updated: 2 weeks, 6 days ago
2 stars 1 fork 1 watcher
Born at : Oct. 29, 2024, 10:19 a.m. This repo has been linked 206 different CVEs too.

A list of all of my starred repos, automated using Github Actions 🌟

github-actions stars

Updated: 2 weeks, 3 days ago
0 stars 0 fork 0 watcher
Born at : Jan. 4, 2023, 11:20 a.m. This repo has been linked 20 different CVEs too.

📡 PoC auto collect from GitHub. ⚠️ Be careful Malware.

security cve exploit poc vulnerability

Updated: 5 days, 1 hour ago
7263 stars 1201 fork 1201 watcher
Born at : Dec. 8, 2019, 1:03 p.m. This repo has been linked 805 different CVEs too.

Results are limited to the first 15 repositories due to potential performance issues.

The following are recent security news items shown on this page alongside CVE-2025-57819.

  • Daily CyberSecurity
CVE-2025-9242: Critical WatchGuard Flaw Allows Remote Code Execution

WatchGuard has issued a security advisory addressing a critical vulnerability in its Fireware OS, tracked as CVE-2025-9242 with a CVSS v4 score of 9.3. The flaw resides in the iked process and could a ... Read more

Published Date: Sep 17, 2025 (1 day, 10 hours ago)
  • Daily CyberSecurity
Kubernetes C# Client Flaw Exposes API to MITM Attacks (CVE-2025-9708)

A newly disclosed vulnerability in the Kubernetes C# client has been assigned CVE-2025-9708 with a CVSS score of 6.8 (Medium severity). The flaw stems from improper certificate validation in custom Ce ... Read more

Published Date: Sep 17, 2025 (1 day, 19 hours ago)
  • Daily CyberSecurity
KSMBDrain (CVE-2025-38501): Linux Kernel Flaw Allows Remote DoS Attacks, PoC Available

A newly disclosed vulnerability in the Linux kernel’s KSMBD subsystem has been assigned CVE-2025-38501, allowing remote attackers to exhaust server resources and cause denial-of-service (DoS) conditio ... Read more

Published Date: Sep 17, 2025 (1 day, 19 hours ago)
  • Daily CyberSecurity
AISURU Botnet: From Record-Breaking DDoS to Residential Proxy Empire

The AISURU botnet, first disclosed by XLab in 2024, has rapidly become one of the most dangerous forces in the DDoS landscape. In 2025 alone, it was linked to multiple record-breaking attacks, includi ... Read more

Published Date: Sep 17, 2025 (1 day, 19 hours ago)
  • Daily CyberSecurity
Chrome’s New Preloading is a Game-Changer

Google has long experimented with prerendering technology in Chrome to accelerate page loading by rendering content in advance so that pages would open instantly upon a click. However, this approach o ... Read more

Published Date: Sep 16, 2025 (2 days, 9 hours ago)
  • Daily CyberSecurity
China Accuses NVIDIA of Anti-Monopoly Violations

China’s State Administration for Market Regulation (SAMR) issued a statement today declaring that NVIDIA’s $6.9 billion acquisition of Mellanox in 2019 violated both the Anti-Monopoly Law of the Peopl ... Read more

Published Date: Sep 16, 2025 (2 days, 9 hours ago)
  • Daily CyberSecurity
Apple Ends iCloud Support for Older Devices

According to Apple’s newly published support documentation, devices running iOS 10 or macOS 10.12 no longer meet the minimum system requirements for iCloud services. As a result, these systems will lo ... Read more

Published Date: Sep 16, 2025 (2 days, 9 hours ago)
  • Daily CyberSecurity
CVE-2025-5821: Critical Authentication Bypass in WordPress Case Theme User Plugin Exploited in the Wild

Hackers are exploiting a critical authentication bypass vulnerability in the Case Theme User plugin, a WordPress plugin with an estimated 12,000 active installations. This plugin is bundled in multipl ... Read more

Published Date: Sep 16, 2025 (2 days, 17 hours ago)
  • Daily CyberSecurity
PoC Published: Linux Kernel 0-Click RCE Vulnerability Found in ksmbd

Image: BitsByWill In a recent deep-dive analysis, security researcher BitsByWill examined two critical Linux kernel vulnerabilities—CVE-2023-52440 and CVE-2023-4130—both impacting ksmbd, the in-kernel ... Read more

Published Date: Sep 16, 2025 (2 days, 19 hours ago)
  • Daily CyberSecurity
OpenAI’s New Grove Incubator Is Building the Next Generation of AI Startups

OpenAI recently unveiled its internal incubation initiative, OpenAI Grove. Unlike traditional startup accelerators or incubator programs, Grove emphasizes engaging with potential founders before their ... Read more

Published Date: Sep 15, 2025 (3 days, 9 hours ago)
  • Daily CyberSecurity
Samsung Zero-Day Exploit CVE-2025-21043 Patched After Active Attacks on Android Devices

Samsung has released security updates to patch a critical zero-day vulnerability actively exploited against Android devices. Tracked as CVE-2025-21043 with a CVSS score of 8.8, the flaw enables remote ... Read more

Published Date: Sep 15, 2025 (3 days, 11 hours ago)
  • Daily CyberSecurity
PoC Available: FlowiseAI Flaw (CVE-2025-58434) Allows Full Account Takeover (CVSS 9.8)

The open-source generative AI development platform FlowiseAI, widely used for building AI agents and LLM workflows, has been found vulnerable to a critical flaw that enables unauthenticated account ta ... Read more

Published Date: Sep 15, 2025 (3 days, 17 hours ago)
  • Daily CyberSecurity
Digiever NVR Flaws (CVE-2025-10264, CVE-2025-10265) Let Hackers Steal Credentials & Take Control

The Taiwan Computer Emergency Response Team (TWCERT/CC) has issued a vulnerability note warning of two critical security flaws in Digiever’s Network Video Recorder (NVR) product line. Tracked as CVE-2 ... Read more

Published Date: Sep 15, 2025 (3 days, 19 hours ago)
  • Daily CyberSecurity
CVE-2025-9556 (CVSS 9.8):Critical Vulnerability in LangChainGo Puts LLM Apps at Risk

The rise of large language model (LLM) applications has made frameworks like LangChain and its ports foundational for developers worldwide. But according to a recent CERT/CC Vulnerability Note, a crit ... Read more

Published Date: Sep 15, 2025 (3 days, 19 hours ago)
  • Daily CyberSecurity
Phishing Wave Hits U.S. Energy Giants: Chevron, ConocoPhillips Targeted

The U.S. energy industry has become a prime target for large-scale phishing operations in 2025, according to new research from Hunt Intelligence. The report reveals a sharp increase in look-alike doma ... Read more

Published Date: Sep 15, 2025 (3 days, 19 hours ago)
  • Daily CyberSecurity
VMScape (CVE-2025-40300): A New CPU Flaw Threatens Cloud Security

Security researchers at ETH Zurich have published a study revealing how attackers can break through virtualization boundaries with a technique they call VMScape (CVE-2025-40300). By exploiting microar ... Read more

Published Date: Sep 15, 2025 (3 days, 19 hours ago)
  • Daily CyberSecurity
Unlocking Real-Time Translation: Microsoft Edge’s AI Breakthrough

Microsoft has introduced a highly practical new feature in its Edge browser: when users watch videos in English, the browser can leverage artificial intelligence to deliver real-time translation into ... Read more

Published Date: Sep 14, 2025 (4 days, 12 hours ago)
  • Daily CyberSecurity
FTC Probes Google, Amazon Over ‘Opaque’ Ad Practices

The U.S. Federal Trade Commission (FTC) has launched a new investigation into the online advertising practices of Google and Amazon, focusing on the transparency of their auction pricing mechanisms an ... Read more

Published Date: Sep 14, 2025 (4 days, 12 hours ago)
  • Daily CyberSecurity
Apple Issues New Spyware Alerts for French Officials and Journalists

Apple occasionally issues spyware attack notifications, publicly disclosing on its website which countries or regions have received such warnings. However, some spyware campaigns may remain undisclose ... Read more

Published Date: Sep 12, 2025 (6 days, 16 hours ago)
  • Daily CyberSecurity
CVE-2025-10127 (CVSS 9.8): Critical Daikin Flaw Could Give Hackers Full System Access

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a security advisory about a critical flaw in Daikin Security Gateway devices that could allow attackers to bypass authentication ... Read more

Published Date: Sep 12, 2025 (6 days, 16 hours ago)

The following table lists the changes that have been made to the CVE-2025-57819 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • Modified Analysis by [email protected]

    Sep. 12, 2025

    Action Type Old Value New Value
    Added Reference Type CISA-ADP: https://github.com/watchtowrlabs/watchTowr-vs-FreePBX-CVE-2025-57819 Types: Exploit, Third Party Advisory
  • CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0

    Sep. 11, 2025

    Action Type Old Value New Value
    Added Reference https://github.com/watchtowrlabs/watchTowr-vs-FreePBX-CVE-2025-57819
  • Initial Analysis by [email protected]

    Sep. 02, 2025

    Action Type Old Value New Value
    Added CVSS V3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    Added CPE Configuration OR
      cpe:2.3:a:sangoma:freepbx:*:*:*:*:*:*:*:* versions from (including) 15.0 up to (excluding) 15.0.66
      cpe:2.3:a:sangoma:freepbx:*:*:*:*:*:*:*:* versions from (including) 16.0 up to (excluding) 16.0.89
      cpe:2.3:a:sangoma:freepbx:*:*:*:*:*:*:*:* versions from (including) 17.0 up to (excluding) 17.0.3
    Added Reference Type GitHub, Inc.: https://community.freepbx.org/t/security-advisory-please-lock-down-your-administrator-access/107203 Types: Issue Tracking, Vendor Advisory
    Added Reference Type GitHub, Inc.: https://github.com/FreePBX/security-reporting/security/advisories/GHSA-m42g-xg4c-5f3h Types: Mitigation, Vendor Advisory
  • CVE CISA KEV Update by 9119a7d8-5eab-497f-8521-727c672e3725

    Aug. 30, 2025

    Action Type Old Value New Value
    Added Date Added 2025-08-29
    Added Due Date 2025-09-19
    Added Required Action Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
    Added Vulnerability Name Sangoma FreePBX Authentication Bypass Vulnerability
  • New CVE Received by [email protected]

    Aug. 28, 2025

    Action Type Old Value New Value
    Added Description FreePBX is an open-source web-based graphical user interface. FreePBX 15, 16, and 17 endpoints are vulnerable due to insufficiently sanitized user-supplied data allowing unauthenticated access to FreePBX Administrator leading to arbitrary database manipulation and remote code execution. This issue has been patched in endpoint versions 15.0.66, 16.0.89, and 17.0.3.
    Added CVSS V4.0 AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
    Added CWE CWE-89
    Added CWE CWE-288
    Added Reference https://community.freepbx.org/t/security-advisory-please-lock-down-your-administrator-access/107203
    Added Reference https://github.com/FreePBX/security-reporting/security/advisories/GHSA-m42g-xg4c-5f3h
EPSS is a daily estimate of the probability that exploitation activity will be observed over the next 30 days. The following chart shows the EPSS score history of the vulnerability.
Vulnerability Scoring Details

Base CVSS Score: 10.0 (CVSS 4.0, AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H)
Attack Vector: Network
Attack Complexity: Low
Attack Requirements: None
Privileges Required: None
User Interaction: None
VS Confidentiality: High
VS Integrity: High
VS Availability: High
SS Confidentiality: High
SS Integrity: High
SS Availability: High

Base CVSS Score: 9.8 (CVSS 3.1, AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality Impact: High
Integrity Impact: High
Availability Impact: High