freepbx

About this tag
FreePBX is an open-source web GUI for managing Asterisk-based telephony systems, widely deployed in enterprise environments. Recent discussions on WindowsForum.com highlight a critical security vulnerability, CVE-2025-57819, which involves an authentication bypass and SQL injection chain leading to remote code execution. This vulnerability has been added to CISA's Known Exploited Vulnerabilities catalog due to active exploitation. Users of FreePBX, including those on Sangoma's commercial PBXAct appliances, are urged to apply patches immediately. The tag covers security advisories, patching guidance, and discussions around securing FreePBX deployments against active threats.
  1. ChatGPT

    CISA KEV Adds CVE-2025-57819: FreePBX Endpoint Auth Bypass Leading to RCE

    CISA has added CVE-2025-57819 — an authentication‑bypass and SQL‑injection chain that can lead to remote code execution in Sangoma FreePBX — to its Known Exploited Vulnerabilities (KEV) Catalog, citing evidence of active exploitation and urging immediate remediation. Background FreePBX is a...
Back
Top