CVE-2025-57819
FreePBX is an open-source web-based graphical user interface. FreePBX 15, 16, and 17 endpoints are vulnerable due to insufficiently sanitized user-supplied data allowing unauthenticated access to FreePBX Administrator leading to arbitrary database manipulation and remote code execution. This issue has been patched in endpoint versions 15.0.66, 16.0.89, and 17.0.3.
| Software | From | Fixed in |
|---|---|---|
| sangoma / freepbx | 15.0 | 15.0.66 |
| sangoma / freepbx | 16.0 | 16.0.89 |
| sangoma / freepbx | 17.0 | 17.0.3 |
- https://community.freepbx.org/t/security-advisory-please-lock-down-your-administrator-access/107203
- https://github.com/FreePBX/security-reporting/security/advisories/GHSA-m42g-xg4c-5f3h
- https://github.com/watchtowrlabs/watchTowr-vs-FreePBX-CVE-2025-57819
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-57819
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime