Unauthenticated Access Vulnerability in FreePBX by Sangoma Technologies
CVE-2025-57819

10 CRITICAL

Key Information:

Vendor

FreePBX (Sangoma Technologies)
CVE Published:
28 August 2025

Badges

🥇 Trended No. 1 | 📈 Trended | 📈 Score: 5,490 | 👾 Exploit Exists | 🟡 Public PoC | 🟣 EPSS 37% | 🦅 CISA Reported | 📰 News Worthy

What is CVE-2025-57819?

CVE-2025-57819 is a critical vulnerability in FreePBX, an open-source, web-based graphical user interface widely used to manage Voice over IP (VoIP) communication systems. It affects FreePBX versions 15, 16, and 17 and stems from inadequate sanitization of user-supplied data. As a consequence, it allows an unauthenticated attacker to reach the FreePBX Administrator interface. From there the attacker can manipulate the backend database arbitrarily and execute remote code, posing a significant risk to the integrity and confidentiality of organizational data. Organizations that rely on FreePBX for their communication infrastructure face potential disruption, unauthorized data access, and severe security breaches if they do not address this vulnerability promptly.

Potential impact of CVE-2025-57819

  1. Unauthorized Database Manipulation: Attackers can exploit the vulnerability to gain access and manipulate backend databases without any authentication, potentially leading to data loss, corruption, or unauthorized changes that could compromise critical business operations.

  2. Remote Code Execution: The flaw enables attackers to execute arbitrary code on the server, which could facilitate the deployment of malware, take control of the communication system, or launch further attacks on connected networks, risking broader organizational compromise.

  3. Compromised Communication Systems: With FreePBX integral to VoIP operations, unauthorized access could disrupt functionalities, such as call management and routing, leading to downtime, loss of communications, and potential financial impacts for organizations that rely heavily on effective communication systems.

CISA has reported CVE-2025-57819

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitors the most dangerous vulnerabilities and has identified CVE-2025-57819 as being exploited, but it is not known by CISA to be used in ransomware campaigns. This is subject to change quickly.

The CISA's recommendation is: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Affected Version(s)

Module: security-reporting

  • 15.x: versions < 15.0.66
  • 16.x: versions < 16.0.89
  • 17.x: versions < 17.0.3

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component of weaponization, which could lead to use in ransomware.

News Articles

FreePBX Servers Targeted by Zero-Day Flaw, Emergency Patch Now Available

Active FreePBX zero-day (CVE-2025-57819) + CVSS 10.0 exploited since Aug 21, 2025 + enables unauthenticated admin access and RCE.

3 weeks ago

EPSS Score

37% chance of being exploited in the next 30 days.

CVSS V4

Score: 10
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Attack Requirements: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • 🥇 Vulnerability reached the number 1 worldwide trending spot

  • 🟡 Public PoC available

  • 📈 Vulnerability started trending

  • 👾 Exploit known to exist

  • 🦅 CISA Reported

  • 📰 First article discovered by The Hacker News

  • Vulnerability published

  • Vulnerability reserved
