VDB

CVE-2025-57819

CVE-2025-57819 PUBLISHED KEV CVSS 10 CRITICAL

FreePBX is an open-source web-based graphical user interface. FreePBX 15, 16, and 17 endpoints are vulnerable due to insufficiently sanitized user-supplied data allowing unauthenticated access to FreePBX Administrator leading to arbitrary database manipulation and remote code execution. This issue has been patched in endpoint versions 15.0.66, 16.0.89, and 17.0.3.

EPSS 76.95% · 99.0th percentile

Risk Scores

CVSS 4.0
10
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
EPSS Score
76.95%
99.0th percentile

Affected Products

VendorProductVersions
FreePBXendpoint< 15.0.66, < 16.0.89, < 17.0.3
sangomafreepbx15.0, 17.0, 16.0

Timeline

  • Mar 8, 2024 CrowdSec Sighting
  • Mar 8, 2024 CrowdSec Sighting
  • Mar 10, 2024 CrowdSec Sighting
  • Apr 12, 2024 CrowdSec Sighting
  • Apr 24, 2024 CrowdSec Sighting
  • Apr 25, 2024 CrowdSec Sighting
  • May 30, 2024 CrowdSec Sighting
  • May 31, 2024 CrowdSec Sighting
  • Jun 17, 2024 CrowdSec Sighting
  • Jul 3, 2024 CrowdSec Sighting
  • Jul 9, 2024 CrowdSec Sighting
  • Aug 1, 2024 CrowdSec Sighting
Open in Interactive Console →
$ Console Community · 100/wk Open console ›