CVE-2025-57819

CVE Database · CVE-2025-57819

CVE-2025-57819

· CRITICALAnalyzed

CVSS v3.1

9.8

CVSS v4.0

10.0

EPSS

87.36%

Published

Aug 28, 2025

Modified

Oct 24, 2025

CISA Known Exploited Vulnerability

Added: 2025-08-29 · Due: 2025-09-19

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Public PoC / Exploit (10)

All weaponized →

NucleiNuclei detection template TrickestTrickest PoC index GitHub PoCwatchtowrlabs/watchTowr-vs-FreePBX-CVE-2025-57819★24 GitHub PoCcybertechajju/cve-2025-57819★6 GitHub PoCblueisbeautiful/CVE-2025-57819★6

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

FreePBX is an open-source web-based graphical user interface. FreePBX 15, 16, and 17 endpoints are vulnerable due to insufficiently sanitized user-supplied data allowing unauthenticated access to FreePBX Administrator leading to arbitrary database manipulation and remote code execution. This issue has been patched in endpoint versions 15.0.66, 16.0.89, and 17.0.3.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-89CWE-288

Affected Products (3)

sangoma · freepbx (up to 15.0.66)vulnerable

sangoma · freepbx (up to 16.0.89)vulnerable

sangoma · freepbx (up to 17.0.3)vulnerable

References (4)

https://community.freepbx.org/t/security-advisory-please-lock-down-your-administrator-access/107203

Issue TrackingVendor Advisory

https://github.com/FreePBX/security-reporting/security/advisories/GHSA-m42g-xg4c-5f3h

MitigationVendor Advisory

https://github.com/watchtowrlabs/watchTowr-vs-FreePBX-CVE-2025-57819

ExploitThird Party Advisory

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-57819

US Government Resource

KEV Catalog EPSS Scores Vendors All CVEs