OS Command Execution Vulnerability in FreePBX Endpoint Manager
CVE-2025-59051

8.6HIGH

Key Information:

Vendor: Freepbx
Status: Security-reporting
Vendor: CVE Published:; 14 October 2025

What is CVE-2025-59051?

The FreePBX Endpoint Manager module features a network scanning capability that allows users to leverage nmap for network device discovery. However, prior to versions 16.0.92 and 17.0.6, the module suffers from insufficient input sanitization, which enables authenticated users to execute arbitrary OS commands with the privileges of the asterisk user. This poses a significant risk, as it could allow attackers to manipulate the underlying system, leading to unauthorized access and potential system compromise. To protect infrastructures, users must update to the secure versions as soon as possible.

Affected Version(s)

security-reporting < 16.0.92 < 16.0.92

security-reporting >= 17.0.0, < 17.0.6 < 17.0.0, 17.0.6

References

https://github.com/FreePBX/security-reporting/security/ad...

x_refsource_CONFIRM

CVSS V4

Score:

8.6

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 14, 2025
Vulnerability Reserved
Sep 8, 2025

JSON

Freepbx

What is CVE-2025-59051?

Affected Version(s)

References

CVSS V4

Timeline