🔴 CVE-2025-57819

FreePBX 15, 16 and 17 contain an authentication bypass in the endpoint module: insufficiently sanitized user-supplied data lets an unauthenticated attacker reach the FreePBX administrator interface, leading to arbitrary database manipulation (SQL injection) and remote code execution. This web-based PBX management interface is commonly exposed to the internet for remote administration, and the flaw has been actively exploited since August 2025.

Risk Level: HIGH_RISK

CVSS Score: 10.0

Attack Vector: NETWORK

ATT&CK Tactic: Initial Access

ATT&CK Technique: T1190 — Exploit Public-Facing Application

Deployment Risk: VERY_HIGH

Ransomware: No

📋 Vulnerability Details

Data Source: CIRCL

Confidence: HIGH

Exploitation Method: DIRECT_NETWORK

CVE Published: 2025-08-28

Added to CISA KEV: 2025-08-29 (1 day between CVE publication and KEV listing)

🎯 Recommendations:

🔍 Web Intelligence (Kagi · 2025-09-06)

Here's what is known about the CVE-2025-57819 vulnerability:

  • Affected Applications/Services: The vulnerability affects FreePBX versions 15, 16, and 17 [1][2]. FreePBX is an open-source web-based graphical user interface [1][3].
  • Internet-Facing: The affected FreePBX administration interface is a public-facing web application that is commonly exposed to the internet for remote administration, which is what makes the flaw reachable by unauthenticated remote attackers [4][5].
  • Active Exploitation: There is evidence of active exploitation of this vulnerability in the wild [6][2]. It has been actively exploited since August 21, 2025 [7].
  • Attack Vectors/Exploitation Methods: Insufficiently sanitized user-supplied data allows unauthenticated access to the FreePBX administrator interface [3][7]. From there an attacker can manipulate the database (SQL injection) and achieve remote code execution (RCE) [2].
  • Targeted Attacks: While there is evidence of active exploitation, there is no specific information available indicating that CVE-2025-57819 has been used in targeted attacks [8].
  • CISA KEV Status: CISA has added CVE-2025-57819 to its Known Exploited Vulnerabilities (KEV) Catalog [6].
  • Technical Details: The vulnerability has a CVSS score of 10.0, indicating maximum severity [7][9]. The attack vector is network-based with low complexity, requiring no privileges or user interaction [10][11].
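Because the page describes a public-facing admin interface exploited without authentication since 2025-08-21, the first thing a responder wants is a quick triage of the web server access log for that window. The following is an added example written for this page, not code from the original page or from the FreePBX project. It assumes the FreePBX web UI is served under `/admin/` (the FreePBX default layout), that logs are in Apache "combined" format, and that the trusted admin source networks are site-specific; the log lines are constructed sample data.

```python
"""Triage Apache access-log lines for requests to a FreePBX admin UI.

Added example (not from the page or the FreePBX project). Assumptions:
  - the FreePBX web UI lives under /admin/ (FreePBX default layout);
  - the log is Apache "combined" format;
  - TRUSTED_NETWORKS is site-specific (replace with your admin ranges).
"""
import ipaddress
import re
from datetime import datetime, timezone

# From the page: exploitation in the wild observed since 2025-08-21.
EXPLOITATION_START = datetime(2025, 8, 21, tzinfo=timezone.utc)

# Hypothetical admin source ranges; replace with the networks that are
# actually allowed to reach the PBX management interface.
TRUSTED_NETWORKS = ["10.0.0.0/8"]

# Apache "combined" format: ip ident user [time] "METHOD path proto" status bytes ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Constructed sample log (RFC 5737 documentation addresses), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [22/Aug/2025:03:14:07 +0000] "POST /admin/ajax.php HTTP/1.1" 200 512 "-" "python-requests/2.32"',
    '10.0.5.12 - - [22/Aug/2025:08:01:33 +0000] "GET /admin/config.php HTTP/1.1" 200 8823 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [19/Aug/2025:03:14:07 +0000] "POST /admin/ajax.php HTTP/1.1" 200 512 "-" "curl/8.0"',
    '198.51.100.9 - - [25/Aug/2025:11:22:01 +0000] "GET /index.php HTTP/1.1" 200 1200 "-" "Mozilla/5.0"',
    'not a log line',
]


def parse_line(line):
    """Parse one combined-format line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return {
        "ip": m.group("ip"),
        "ts": ts,
        "method": m.group("method"),
        "path": m.group("path"),
        "status": int(m.group("status")),
    }


def triage(lines, trusted_networks=TRUSTED_NETWORKS, since=EXPLOITATION_START):
    """Return admin-UI requests from untrusted sources on or after `since`.

    A hit is not proof of compromise, only a request worth reviewing by hand;
    an empty result does not prove the host is clean (logs may be rotated or
    wiped by an attacker with code execution).
    """
    nets = [ipaddress.ip_network(n) for n in trusted_networks]
    findings = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # skip unparsable lines rather than aborting the scan
        if not rec["path"].startswith("/admin/"):
            continue
        if rec["ts"] < since:
            continue
        src = ipaddress.ip_address(rec["ip"])
        if any(src in net for net in nets):
            continue  # expected admin traffic from an allow-listed network
        findings.append(rec)
    return findings


def summarize(findings):
    """Count flagged requests per source IP for quick prioritisation."""
    counts = {}
    for rec in findings:
        counts[rec["ip"]] = counts.get(rec["ip"], 0) + 1
    return counts


if __name__ == "__main__":
    hits = triage(SAMPLE_LOG)
    for rec in hits:
        print(rec["ts"].isoformat(), rec["ip"], rec["method"], rec["path"], rec["status"])
    print(summarize(hits))
```

Run it against a real `access_log` by replacing `SAMPLE_LOG` with the file's lines and `TRUSTED_NETWORKS` with your management ranges; the trusted-network filter is what keeps the output reviewable on a busy PBX. Treat the result as a lead for a proper investigation, not a verdict.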

Sources

  1. CVE-2025-57819 - Exploits & Severity - Feedly

    Summary. A critical vulnerability in FreePBX, an open-source web-based graphical user interface, affects versions 15, 16, and 17.

  2. Critical FreePBX Vulnerability (CVE-2025-57819) Under Active Exploitation

    Executive Summary: A critical flaw (CVE-2025-57819) in FreePBX versions 15, 16, and 17 enables unauthenticated attackers to perform SQL injection and remote code execution (RCE), with 25 vulnerable IP addresses found in Bangladesh. Immediate patching, system updates, and access restrictions are cruc…

  3. CVE-2025-57819 Detail - NVD

    FreePBX 15, 16, and 17 endpoints are vulnerable due to insufficiently sanitized user-supplied data allowing unauthenticated access to FreePBX ...

  4. CVE-2025-57819 | Tenable®

    FreePBX 15, 16, and 17 endpoints are vulnerable due to insufficiently sanitized user-supplied data allowing unauthenticated access to FreePBX ...

  5. Exploited! Ivanti EPMM Authentication Bypass &

    Use the IONIX Exposure Management Platform to validate exploitability across Internet-facing hosts and prioritise RCE chains that truly work in ...