VYPR

Endpoint Manager

by Freepbx

Source repositories

CVEs (7)

  • CVE-2025-61678HigOct 14, 2025
    risk 0.63cvss epss 0.50

    FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. In versions prior to 16.0.92 for FreePBX 16 and versions prior to 17.0.6 for FreePBX 17, the Endpoint Manager module contains an authenticated arbitrary file upload vulnerability affecting…

  • CVE-2025-64328HigKEVNov 7, 2025
    risk 0.62cvss 7.2epss 0.85

    FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. In versions 17.0.2.36 and above before 17.0.3, the filestore module within the Administrative interface is vulnerable to a post-authentication command injection by an authenticated known…

  • CVE-2025-61675HigOct 14, 2025
    risk 0.62cvss epss 0.39

    FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. In versions prior to 16.0.92 for FreePBX 16 and versions prior to 17.0.6 for FreePBX 17, the Endpoint Manager module contains authenticated SQL injection vulnerabilities affecting multiple…

  • CVE-2025-59051HigOct 14, 2025
    risk 0.56cvss epss 0.01

    The FreePBX Endpoint Manager module includes a Network Scanning feature that provides web-based access to nmap functionality for network device discovery. In Endpoint Manager 16 before 16.0.92 and 17 before 17.0.6, insufficiently sanitized user-supplied input allows…

  • CVE-2025-67513MedDec 10, 2025
    risk 0.45cvss epss 0.00

    FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. Versions prior to 16.0.96 and 17.0.1 through 17.0.9 have a weak default password. By default, this is a 6 digit numeric value which can be brute forced. (This is the app_password…

  • CVE-2024-47071MedOct 1, 2024
    risk 0.37cvss 6.8epss 0.00

    OSS Endpoint Manager is an endpoint manager module for FreePBX. OSS Endpoint Manager module activation can allow authenticated web users unauthorized access to read system files with the permissions of the webserver process. This vulnerability is fixed in 14.0.4.

  • CVE-2025-66039Dec 9, 2025
    risk 0.03cvss epss 0.03

    FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. Versions are vulnerable to authentication bypass when the authentication type is set to "webserver." When providing an Authorization header with an arbitrary value, a session is associated…