Unrated severityNVD Advisory· Published Sep 15, 2025· Updated Feb 13, 2026
FreePBX Post-Authenticated Command Injection
CVE-2025-55211
Description
FreePBX is an open-source web-based graphical user interface. From 17.0.19.11 to before 17.0.21, authenticated users of the Administrator Control Panel (ACP) can run arbitrary shell commands by maliciously changing languages of the framework module. This vulnerability is fixed in 17.0.21.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2Patches
Vulnerability mechanics
References
1- github.com/FreePBX/security-reporting/security/advisories/GHSA-xg83-m6q5-q24hmitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.