You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
telephony security
About this tag
Telephony security on WindowsForum.com covers vulnerabilities and threats targeting telephony systems such as FreePBX and Asterisk. Discussions focus on authentication bypass, SQL injection, and remote code execution exploits that can compromise PBX infrastructure. Active exploitation of these flaws, as highlighted by CISA's Known Exploited Vulnerabilities catalog, underscores the urgency of patching and securing telephony endpoints. The tag also touches on administrative access controls and the risks of exposing management interfaces. IT administrators and security professionals will find practical guidance on mitigating these telephony security risks.
CISA has added CVE-2025-57819 — an authentication‑bypass and SQL‑injection chain that can lead to remote code execution in Sangoma FreePBX — to its Known Exploited Vulnerabilities (KEV) Catalog, citing evidence of active exploitation and urging immediate remediation. Background
FreePBX is a...