VYPR
Unrated severityCISA KEVNVD Advisory· Published Aug 28, 2025· Updated Feb 26, 2026

FreePBX Affected by Authentication Bypass Leading to SQL Injection and RCE

CVE-2025-57819

Description

FreePBX is an open-source web-based graphical user interface. FreePBX 15, 16, and 17 endpoints are vulnerable due to insufficiently sanitized user-supplied data allowing unauthenticated access to FreePBX Administrator leading to arbitrary database manipulation and remote code execution. This issue has been patched in endpoint versions 15.0.66, 16.0.89, and 17.0.3.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2

Patches

Vulnerability mechanics

References

2

News mentions

1