VYPR

Endpointman

by Freepbx

Source repositories

CVEs (5)

  • CVE-2025-61678HigOct 14, 2025
    risk 0.60cvss epss 0.50

    FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. In versions prior to 16.0.92 for FreePBX 16 and versions prior to 17.0.6 for FreePBX 17, the Endpoint Manager module contains an authenticated arbitrary file upload vulnerability affecting…

  • CVE-2025-61675HigOct 14, 2025
    risk 0.59cvss epss 0.39

    FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. In versions prior to 16.0.92 for FreePBX 16 and versions prior to 17.0.6 for FreePBX 17, the Endpoint Manager module contains authenticated SQL injection vulnerabilities affecting multiple…

  • CVE-2025-59051HigOct 14, 2025
    risk 0.56cvss epss 0.01

    The FreePBX Endpoint Manager module includes a Network Scanning feature that provides web-based access to nmap functionality for network device discovery. In Endpoint Manager 16 before 16.0.92 and 17 before 17.0.6, insufficiently sanitized user-supplied input allows…

  • CVE-2024-47071MedOct 1, 2024
    risk 0.37cvss 6.8epss 0.00

    OSS Endpoint Manager is an endpoint manager module for FreePBX. OSS Endpoint Manager module activation can allow authenticated web users unauthorized access to read system files with the permissions of the webserver process. This vulnerability is fixed in 14.0.4.

  • CVE-2025-57819KEVAug 28, 2025
    risk 0.21cvss epss 0.93

    FreePBX is an open-source web-based graphical user interface. FreePBX 15, 16, and 17 endpoints are vulnerable due to insufficiently sanitized user-supplied data allowing unauthenticated access to FreePBX Administrator leading to arbitrary database manipulation and remote code…