You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
cve-2025-57819
About this tag
CVE-2025-57819 is an authentication bypass and SQL injection vulnerability in Sangoma FreePBX that can lead to remote code execution. The vulnerability has been added to the CISA Known Exploited Vulnerabilities (KEV) catalog due to evidence of active exploitation. FreePBX is a widely used open-source web GUI for managing Asterisk-based telephony systems, and many installations expose administrative interfaces. Users are urged to apply patches or mitigations immediately to prevent compromise. Discussions on WindowsForum cover the technical details, impact, and remediation steps for CVE-2025-57819.
CISA has added CVE-2025-57819 — an authentication‑bypass and SQL‑injection chain that can lead to remote code execution in Sangoma FreePBX — to its Known Exploited Vulnerabilities (KEV) Catalog, citing evidence of active exploitation and urging immediate remediation. Background
FreePBX is a...