Weak Default Password Vulnerability in FreePBX Endpoint Manager
CVE-2025-67513

6.9 MEDIUM

Key Information:

Vendor: Freepbx
CVE Published: 10 December 2025

What is CVE-2025-67513?

FreePBX Endpoint Manager, a module for managing telephony endpoints in FreePBX systems, has a serious security issue caused by a weak default password. The default is a six-digit numeric password, which serves as the app_password parameter and can be easily brute-forced, exposing systems to unauthorized access. The vulnerability affects versions prior to 16.0.96 and versions 17.0.1 through 17.0.9. The issue is resolved in versions 16.0.96 and 17.0.10, and users are encouraged to upgrade to one of them to protect against potential intrusions.

Affected Version(s)

security-reporting: < 16.0.96

security-reporting: >= 17.0.1, < 17.0.10
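
A triage check built from the affected ranges and the six-digit numeric app_password described on this page, as an added example that is not FreePBX code. It flags hosts that need an upgrade and, separately, hosts whose app_password still matches the weak pattern; the inventory rows, field names and hostnames are constructed.

```python
import math
import re

FIXED_16 = (16, 0, 96)                   # page: affected if < 16.0.96
AFFECTED_17 = ((17, 0, 1), (17, 0, 10))  # page: affected if >= 17.0.1, < 17.0.10

def parse_version(text):
    """'17.0.9' -> (17, 0, 9); numeric compare, so 17.0.10 sorts above 17.0.9."""
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(p) for p in parts)

def is_affected(version):
    v = parse_version(version)
    return v < FIXED_16 or AFFECTED_17[0] <= v < AFFECTED_17[1]

def is_six_digit_numeric(password):
    """The weak pattern the advisory describes: exactly six ASCII digits."""
    return re.fullmatch(r"[0-9]{6}", password) is not None

def entropy_bits(password):
    """Upper bound in bits, from the character classes the password uses."""
    classes = ((r"[0-9]", 10), (r"[a-z]", 26), (r"[A-Z]", 26), (r"[^0-9a-zA-Z]", 32))
    alphabet = sum(size for pattern, size in classes if re.search(pattern, password))
    return len(password) * math.log2(alphabet) if alphabet else 0.0

def audit(inventory):
    """Return {host: [actions]} for hosts that need an upgrade or a new password."""
    findings = {}
    for row in inventory:
        actions = []
        if is_affected(row["version"]):
            actions.append("upgrade")
        # Assumption: checked apart from version; the page does not say an upgrade replaces it.
        if is_six_digit_numeric(row["app_password"]):
            actions.append("rotate app_password")
        if actions:
            findings[row["host"]] = actions
    return findings

INVENTORY = [  # constructed sample; hosts, field names and passwords are invented
    {"host": "pbx-a.example", "version": "16.0.95", "app_password": "482913"},
    {"host": "pbx-b.example", "version": "17.0.9", "app_password": "kT4-vexa-Rm92-qLpz"},
    {"host": "pbx-c.example", "version": "17.0.10", "app_password": "004417"},
    {"host": "pbx-d.example", "version": "16.0.96", "app_password": "kT4-vexa-Rm92-qLpz"},
]

if __name__ == "__main__":
    print(audit(INVENTORY))
```

A six-digit numeric value has at most 1,000,000 candidates (about 19.9 bits by `entropy_bits`), which is why the password check is reported as its own action rather than folded into the version check.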

CVSS V4

Score: 6.9
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None
