Freepbx Latest Vulnerabilities

Command Injection Vulnerabilities in FreePBX IP PBX System

CVE-2026-28287

FreepbxSecurity-reporting8.6HIGH

SQL Injection Vulnerabilities in FreePBX IP PBX Software

CVE-2026-28284

FreepbxSecurity-reporting8.6HIGH

SQL Injection Vulnerability in FreePBX Module by FreePBX

CVE-2026-28210

FreepbxSecurity-reporting8.6HIGH

Command Injection Vulnerability in FreePBX Affected by ElevenLabs Text-to-Speech Engine

CVE-2026-28209

FreepbxSecurity-reporting7.5HIGH

Privilege Escalation Vulnerability in FreePBX API by FreePBX

CVE-2025-55210

FreepbxApi2LOW

SQL Injection Vulnerability in FreePBX tts Module

CVE-2025-67736

FreepbxTts8.6HIGH

Local Privilege Escalation in FreePBX GUI by Asterisk Group Misconfiguration

CVE-2025-67722

FreepbxFramework5.7MEDIUM

Authenticated Remote Code Execution in FreePBX 16 API Module

CVE-2024-58294

FreepbxFreepbx👾🟡8.7HIGH

Weak Default Password Vulnerability in FreePBX Endpoint Manager

CVE-2025-67513

FreepbxEndpoint6.9MEDIUM

Authentication Bypass in FreePBX Endpoint Manager by FreePBX

CVE-2025-66039

FreepbxFramework📈👾EPSS 32%📰9.3CRITICAL

Authenticated SQL Injection Vulnerability in FreePBX Endpoint Module

CVE-2025-62173

FreepbxRestapps8.6HIGH

Post-Authentication Command Injection Vulnerability in FreePBX Endpoint Manager

CVE-2025-64328

FreepbxFilestore👾🟡EPSS 84%🦅📰8.6HIGH

Authenticated Arbitrary File Upload Vulnerability in FreePBX Endpoint Manager

CVE-2025-61678

FreepbxEndpointmanEPSS 21%8.6HIGH

Authenticated SQL Injection Vulnerability in FreePBX Endpoint Manager Module

CVE-2025-61675

FreepbxEndpointEPSS 14%8.6HIGH

Reflected Cross-Site Scripting Vulnerability in FreePBX by FreePBX

CVE-2025-59429

FreepbxCore8.5HIGH

OS Command Execution Vulnerability in FreePBX Endpoint Manager

CVE-2025-59051

FreepbxEndpoint8.6HIGH

Web-based Interface Vulnerability in FreePBX from Sangoma

CVE-2025-59056

FreepbxFramework6.6MEDIUM

Arbitrary Command Execution in FreePBX by Authenticated Users

CVE-2025-55211

FreepbxFramework6.3MEDIUM

OAuth Private Key Vulnerability in FreePBX API Module

CVE-2025-55739

FreepbxApi5.1MEDIUM

Stored Cross-Site Scripting in FreePBX Contact Manager Module

CVE-2025-55209

FreepbxContactmanager5.1MEDIUM

Unauthenticated Access Vulnerability in FreePBX by Sangoma Technologies

CVE-2025-57819

FreepbxEndpoint🥇📈👾🟡EPSS 70%🦅📰10CRITICAL

Unsafe Access via Activation of Endpoint Manager Module

CVE-2024-47071

FreepbxEndpointman6.8MEDIUM

FreePBX arimanager Views cross site scripting

CVE-2019-25090

FreepbxArimanager3.5LOW

FreePBX voicemail page.voicemail.php cross site scripting

CVE-2021-4282

FreepbxVoicemail3.5LOW

FreePBX cdr Cdr.class.php ajaxHandler sql injection

CVE-2020-36630

FreepbxCdr5.5MEDIUM

Vulnerability Published:

Sort By:

5 March 2026

Command Injection Vulnerabilities in FreePBX IP PBX System

SQL Injection Vulnerabilities in FreePBX IP PBX Software

SQL Injection Vulnerability in FreePBX Module by FreePBX

Command Injection Vulnerability in FreePBX Affected by ElevenLabs Text-to-Speech Engine

12 February 2026

Privilege Escalation Vulnerability in FreePBX API by FreePBX

16 December 2025

SQL Injection Vulnerability in FreePBX tts Module

Local Privilege Escalation in FreePBX GUI by Asterisk Group Misconfiguration

11 December 2025

Authenticated Remote Code Execution in FreePBX 16 API Module

10 December 2025

Weak Default Password Vulnerability in FreePBX Endpoint Manager

9 December 2025

Authentication Bypass in FreePBX Endpoint Manager by FreePBX

3 December 2025

Authenticated SQL Injection Vulnerability in FreePBX Endpoint Module

7 November 2025

Post-Authentication Command Injection Vulnerability in FreePBX Endpoint Manager

14 October 2025

Authenticated Arbitrary File Upload Vulnerability in FreePBX Endpoint Manager

Authenticated SQL Injection Vulnerability in FreePBX Endpoint Manager Module

Reflected Cross-Site Scripting Vulnerability in FreePBX by FreePBX

OS Command Execution Vulnerability in FreePBX Endpoint Manager

15 September 2025

Web-based Interface Vulnerability in FreePBX from Sangoma

Arbitrary Command Execution in FreePBX by Authenticated Users

4 September 2025

OAuth Private Key Vulnerability in FreePBX API Module

Stored Cross-Site Scripting in FreePBX Contact Manager Module

28 August 2025

Unauthenticated Access Vulnerability in FreePBX by Sangoma Technologies

1 October 2024

Unsafe Access via Activation of Endpoint Manager Module

27 December 2022

FreePBX arimanager Views cross site scripting

FreePBX voicemail page.voicemail.php cross site scripting

25 December 2022

FreePBX cdr Cdr.class.php ajaxHandler sql injection