CVE-2025-57819

UNKNOWN

Published 2025-08-28T16:45:18.749Z

Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2025-57819. We'll provide specific mitigation strategies based on your environment and risk profile.

No CVSS data available

Description

FreePBX is an open-source web-based graphical user interface. FreePBX 15, 16, and 17 endpoints are vulnerable due to insufficiently sanitized user-supplied data allowing unauthenticated access to FreePBX Administrator leading to arbitrary database manipulation and remote code execution. This issue has been patched in endpoint versions 15.0.66, 16.0.89, and 17.0.3.

Available Exploits

No exploits available for this CVE.

Related News

Experts warn of actively exploited FreePBX zero-day

Sangoma warns of an actively exploited FreePBX zero-day affecting systems with publicly exposed admin control panels. The Sangoma FreePBX Security Team addressed an actively exploited FreePBX zero-day vulnerability, tracked as CVE-2025-57819 (CVSS score of 10…

Securityaffairs.com 2025-08-29 13:19

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog , based on evidence of active exploitation. CVE-2025-57819 Sangoma FreePBX Authentication Bypass Vulnerability This type of vulnerability is a f…

Cisa.gov 2025-08-29 12:00

Affected Products

FreePBX

security-reporting

Affected Versions:

< 15.0.66 < 16.0.89 < 17.0.3

Known Exploited Vulnerability

This vulnerability is actively being exploited in the wild

View KEV Details

Remediation Status

Due Soon

Due Date

September 19, 2025 (10 days remaining)

Added to KEV

August 29, 2025

Required Action

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Affected Product

Vendor/Project: Sangoma

Product: FreePBX

Ransomware Risk

Known Ransomware Use

KEV Catalog Version: 2025.08.29 Released: August 29, 2025

EU Vulnerability Database

Monitored by ENISA for EU cybersecurity

EU Coordination

EU Coordinated

Exploitation Status

No Known Exploitation

EUVD ID

View on ENISA

ENISA Analysis

Affected Products (ENISA)

freepbx

security-reporting

ENISA Scoring

CVSS Score (4.0)

10.0

/10

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

EPSS Score

0.440

probability

ENISA References

https://github.com/FreePBX/security-reporting/security/advisories/GHSA-m42g-xg4c-5f3h

https://community.freepbx.org/t/security-advisory-please-lock-down-your-administrator-access/107203

Data provided by ENISA EU Vulnerability Database. Last updated: August 29, 2025

Social Media Intelligence

Real-time discussions and threat intelligence from social platforms

27 posts

Reddit • 10 hours, 17 minutes ago

itinsightsNL

Exploit

Kritieke FreePBX zero-day: update nu! Kritieke zero-day kwetsbaarheid in FreePBX: onmiddellijke actie vereist Een recent ontdekte zero-day kwetsbaarheid in Sangoma FreePBX, aangeduid als CVE-2025-57819, vormt een ernstige bedreiging voor bedrijven die dit populaire open-source PBX-platform gebruiken. Deze kwetsbaarheid stelt aanvallers in staat om op afstand en zonder authenticatie controle over …

1.0

View Original High Risk

Reddit • 10 hours, 17 minutes ago

itinsightsNL

Exploit

1.0

View Original High Risk

Reddit • 10 hours, 17 minutes ago

itinsightsNL

Exploit

1.0

View Original High Risk

Reddit • 10 hours, 17 minutes ago

itinsightsNL

Exploit

1.0

View Original High Risk

Reddit • 1 day, 10 hours ago

itinsightsNL

Exploit

FreePBX Zero-Day Kwetsbaarheid: Update Nu! Kritieke zero-day kwetsbaarheid in FreePBX: onmiddellijke actie vereist Een recent ontdekte zero-day kwetsbaarheid in Sangoma FreePBX, CVE-2025-57819, vormt een ernstige bedreiging voor talloze organisaties. Deze kwetsbaarheid stelt aanvallers in staat om op afstand en zonder authenticatie controle over getroffen PBX-systemen te krijgen. Voor Managed Service …

1.0

View Original High Risk

Reddit • 1 day, 10 hours ago

itinsightsNL

Exploit

1.0

View Original High Risk

Reddit • 1 day, 10 hours ago

itinsightsNL

Exploit

1.0

View Original High Risk

Reddit • 1 day, 10 hours ago

itinsightsNL

Exploit

1.0

View Original High Risk

Reddit • 2 days, 10 hours ago

itinsightsNL

Exploit

Kritieke Zero-Day Bedreigt FreePBX: Onmiddellijk Patchen! Kritieke zero-day kwetsbaarheid ontdekt in FreePBX Een kritieke zero-day kwetsbaarheid, aangeduid als CVE-2025-57819, is ontdekt in Sangoma FreePBX, een populaire open-source software voor telefooncentrales. Deze kwetsbaarheid stelt aanvallers in staat om op afstand en zonder authenticatie controle over getroffen PBX-systemen te nemen. Dit vormt …

1.0

View Original High Risk

Reddit • 2 days, 10 hours ago

itinsightsNL

Exploit

1.0

View Original High Risk

View All 27 Posts

References

https://github.com/FreePBX/security-reporting/security/advisories/GHSA-m42g-xg4c-5f3h

https://community.freepbx.org/t/security-advisory-please-lock-down-your-administrator-access/107203

Published: 2025-08-28T16:45:18.749Z

Last Modified: 2025-08-29T22:20:23.714Z

Copied to clipboard!

CVE-2025-57819

Expert Analysis

Description

Available Exploits

Related News

Affected Products

security-reporting

Affected Versions:

Known Exploited Vulnerability

Remediation Status

Due Date

Added to KEV

Required Action

Affected Product

Ransomware Risk

EU Vulnerability Database

EU Coordination

Exploitation Status

EUVD ID

ENISA Analysis

Affected Products (ENISA)

ENISA Scoring

CVSS Score (4.0)

EPSS Score

ENISA References

Social Media Intelligence

References

Request Analysis

What to expect

Request Received!