CVE-2025-57819

Sangoma FreePBX Authentication Bypass RCE

FreePBX, the widely deployed open-source web-based GUI for managing Asterisk PBX systems, is vulnerable to an authentication bypass that leads to unauthenticated remote code execution.

Versions 15, 16, and 17 are affected. Attackers can manipulate database queries to gain full read/write access, escalate to administrator privileges without credentials, and take complete control of the system. A Rapid Response test proved the target asset was exploitable via the FreePBX vulnerability in just 3 minutes.

This vulnerability has a CVSS score of 10.0 (Critical) and has been actively exploited in the wild since August 21, 2025.

Technical Details

  • Vulnerability Type: Authentication Bypass → SQL manipulation → Remote Code Execution (RCE)
  • Affected Versions: 15, 16, 17
  • Patched Versions: 15.0.66, 16.0.89, 17.0.3
  • Impact:
    • Unauthenticated attacker gains full administrator-level access
    • Modification of call routing, voicemail, and PBX configurations
    • Potential pivot deeper into enterprise networks

Mitigations

Immediate Actions:

  • Restrict and lock down admin interfaces.
  • Upgrade to patched versions: 15.0.66, 16.0.89, 17.0.3.
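Because FreePBX version strings can carry a fourth component (for example 16.0.40.7), a naive string comparison against the patched releases above can misjudge whether an install is fixed. The following is an added example, not code from the advisory or from the FreePBX project: it parses a version string (for instance a line of `fwconsole --version` output, assumed here) and compares it per major branch against the patched floors listed in this advisory. The sample lines are constructed; the names `parse_version` and `assess` are this example's own.

```python
import re
from typing import Optional, Tuple

# Patched releases from the advisory, keyed by major branch.
PATCHED = {
    15: (15, 0, 66),
    16: (16, 0, 89),
    17: (17, 0, 3),
}

# First dotted numeric version in a line of text.
VERSION_RE = re.compile(r"\b(\d+(?:\.\d+)+)\b")


def parse_version(text: str) -> Optional[Tuple[int, ...]]:
    """Extract the first dotted version from text and return it as a tuple of ints.

    FreePBX versions may have three or four components, so the tuple length
    is not fixed; callers compare tuples, not strings.
    """
    m = VERSION_RE.search(text)
    if not m:
        return None
    return tuple(int(part) for part in m.group(1).split("."))


def assess(version_text: str) -> str:
    """Classify an installed FreePBX version against CVE-2025-57819.

    Returns one of:
      'patched'          - at or above the patched release for its branch
      'vulnerable'       - below the patched release for its branch
      'not-in-advisory'  - major branch not listed as affected (15/16/17)
      'unparseable'      - no version found in the input
    """
    version = parse_version(version_text)
    if version is None:
        return "unparseable"
    floor = PATCHED.get(version[0])
    if floor is None:
        return "not-in-advisory"
    # Tuple comparison is element-wise, so (16, 0, 88, 9) < (16, 0, 89)
    # and (16, 0, 89, 1) >= (16, 0, 89), which string comparison gets wrong.
    return "patched" if version >= floor else "vulnerable"


if __name__ == "__main__":
    # Constructed sample lines standing in for CLI output; not real captures.
    samples = [
        "FreePBX 16.0.88.1",
        "FreePBX 16.0.89",
        "FreePBX 17.0.3",
        "FreePBX 15.0.65.9",
        "FreePBX 14.0.13",
        "no version here",
    ]
    for line in samples:
        print(f"{line!r}: {assess(line)}")
```

Run it against the version reported by each PBX in your inventory; anything classified as `vulnerable` should be upgraded to the patched release for its branch, and `not-in-advisory` results (for example end-of-life branches) still need a separate support decision.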

Ongoing Defense:

  • Rapid Response N-Day Testing

References

  • Bleeping Computer Article
  • FreePBX Community Advisory
  • GitHub Advisory
