Sangoma has issued a warning about a critical zero-day vulnerability in FreePBX, tracked as CVE-2025-57819 with a maximum CVSS score of 10.0. The flaw affects systems with publicly accessible administrator control panels and is currently being exploited.
FreePBX is an open-source platform that allows organizations to manage VoIP calls, call routing, voicemail, conferencing, and other telephony features through a web interface. It turns servers into full-featured business phone systems.
The vulnerability stems from improperly sanitized user input, which can allow attackers to access the admin panel without authentication, manipulate databases, and execute remote code. The issue was found in the “endpoint” module of FreePBX versions 16 and 17, where attackers chained multiple steps to potentially gain root access.
Affected versions include:
- FreePBX 15 before 15.0.66
- FreePBX 16 before 16.0.89
- FreePBX 17 before 17.0.3
Sangoma recommends updating FreePBX, limiting public access to the admin panel, and checking for signs of compromise. Indicators include changes to /etc/freepbx.conf, presence of .clean.sh in the web directory, suspicious POST requests to modular.php, unusual calls to extension 9998, and unknown users in the ampusers database.
Found this article interesting? Follow us on X(Twitter) ,Threads and FaceBook to read more exclusive content we post.
