CVE-2025-57819

Sažetak

FreePBX is an open-source web-based graphical user interface. FreePBX 15, 16, and 17 endpoints are vulnerable due to insufficiently sanitized user-supplied data allowing unauthenticated access to FreePBX Administrator leading to arbitrary database manipulation and remote code execution. This issue has been patched in endpoint versions 15.0.66, 16.0.89, and 17.0.3.

Reference

https://community.freepbx.org/t/security-advisory-please-lock-down-your-administrator-access/107203
https://github.com/FreePBX/security-reporting/security/advisories/GHSA-m42g-xg4c-5f3h
https://github.com/watchtowrlabs/watchTowr-vs-FreePBX-CVE-2025-57819

CVSS

Base:	9.8
Impact:	5.9
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
HIGH	HIGH	HIGH

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Zadnje važnije ažuriranje

12-09-2025 - 13:59

Objavljeno

28-08-2025 - 17:15