Unrated severityCISA KEVNVD Advisory· Published Aug 28, 2025· Updated Feb 26, 2026
FreePBX Affected by Authentication Bypass Leading to SQL Injection and RCE
CVE-2025-57819
Description
FreePBX is an open-source web-based graphical user interface. FreePBX 15, 16, and 17 endpoints are vulnerable due to insufficiently sanitized user-supplied data allowing unauthenticated access to FreePBX Administrator leading to arbitrary database manipulation and remote code execution. This issue has been patched in endpoint versions 15.0.66, 16.0.89, and 17.0.3.
Affected products
1- FreePBX/endpointv5Range: < 15.0.66
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2- community.freepbx.org/t/security-advisory-please-lock-down-your-administrator-access/107203mitrex_refsource_MISC
- github.com/FreePBX/security-reporting/security/advisories/GHSA-m42g-xg4c-5f3hmitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.