FreePBX security-reporting module contains an authentication bypass vulnerability leading to SQL injection and RCE. This web-based PBX management interface is commonly exposed to the internet for remote administration and has been actively exploited since August 2025.
Data Source: CIRCL
Confidence: HIGH
Exploitation Method: DIRECT_NETWORK
CVE Published: 2025-08-28
Added to CISA KEV: 2025-08-29 (1 day between CVE publication and KEV addition)
Summary: A critical vulnerability in FreePBX, an open-source web-based graphical user interface, affects versions 15, 16, and 17.
Executive Summary: A critical flaw (CVE-2025-57819) in FreePBX versions 15, 16, and 17 enables unauthenticated attackers to perform SQL injection and remote code execution (RCE), with 25 vulnerable IP addresses found in Bangladesh. Immediate patching, system updates, and access restrictions are crucial to prevent exploitation.
FreePBX 15, 16, and 17 endpoints are vulnerable due to insufficiently sanitized user-supplied data allowing unauthenticated access to FreePBX ...
Use the IONIX Exposure Management Platform to validate exploitability across Internet-facing hosts and prioritise RCE chains that truly work in ...