
Freepbx Endpoint vulnerabilities

4 known vulnerabilities affecting freepbx/endpoint.

Total CVEs: 4
CISA KEV: 1 (actively exploited)
Public exploits: 2
Exploited in wild: 1
Severity breakdown: CRITICAL 1, HIGH 2, MEDIUM 1

Vulnerabilities

CVE-2025-57819 | P1 | CRITICAL | CVSS 9.8 | KEV | PoC | fixed in 15.0.66; fixed in 16.0.89; +1 more | 2025-08-28
CVE-2025-57819 [CRITICAL] CWE-89: FreePBX is an open-source web-based graphical user interface. FreePBX 15, 16, and 17 endpoints are vulnerable due to insufficiently sanitized user-supplied data allowing unauthenticated access to FreePBX Administrator leading to arbitrary database manipulation and remote code execution. This issue has been patched in endpoint versions 15.0.66, 16.0
Source: nvd

CVE-2025-61675 | P2 | HIGH | CVSS 8.6 | PoC | fixed in 16.0.92; 17.x affected: >= 17.0.0, < 17.0.6 | 2025-10-14
CVE-2025-61675 [HIGH] CWE-89: FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. In versions prior to 16.0.92 for FreePBX 16 and versions prior to 17.0.6 for FreePBX 17, the Endpoint Manager module contains authenticated SQL injection vulnerabilities affecting multiple parameters in the basestation, model, firmware, and custom extension config
Source: nvd

CVE-2025-59051 | P3 | HIGH | CVSS 8.6 | fixed in 16.0.92; 17.x affected: >= 17.0.0, < 17.0.6 | 2025-10-14
CVE-2025-59051 [HIGH] CWE-78: The FreePBX Endpoint Manager module includes a Network Scanning feature that provides web-based access to nmap functionality for network device discovery. In Endpoint Manager 16 before 16.0.92 and 17 before 17.0.6, insufficiently sanitized user-supplied input allows authenticated OS command execution as the asterisk user. Authentication with a known us
Source: nvd

CVE-2025-67513 | P3 | MEDIUM | CVSS 6.9 | fixed in 16.0.96; 17.x affected: >= 17.0.1, < 17.0.10 | 2025-12-10
CVE-2025-67513 [MEDIUM] CWE-521: FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. Versions prior to 16.0.96 and 17.0.1 through 17.0.9 have a weak default password. By default, this is a 6 digit numeric value which can be brute forced. (This is the app_password parameter). Depending on local configuration, this password could be the extension
Source: nvd
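The four rows above give fixed and affected versions per branch, which is enough to triage an installed Endpoint Manager module. The following is an added example written for this page; it is not cvebase's or FreePBX's code. The version ranges are transcribed from the rows above and nothing else about the module is assumed; the installed version string is assumed to come from the reader (for example the version shown for the endpoint module in Module Admin or by `fwconsole ma list`). Because the page shows the 17.x fix for CVE-2025-57819 only as "+1 more", the checker reports 17.x as "unknown" for that CVE rather than guessing a version.

```python
"""Triage an installed FreePBX Endpoint Manager version against the four CVEs
listed on this page. Added example: version data is transcribed from the page's
rows; function names and status strings are this example's own."""

import re
from typing import Dict, List, Tuple

Version = Tuple[int, ...]

# Transcribed from the page. Each affected range is (lo inclusive, hi exclusive),
# where hi is the page's "fixed in" version. For CVE-2025-57819 the page lists
# the 17.x fix only as "+1 more", so that branch is deliberately left unknown.
ADVISORIES: Dict[str, dict] = {
    "CVE-2025-57819": {
        "severity": "CRITICAL", "cvss": 9.8, "cwe": "CWE-89", "kev": True,
        "affected": [((15, 0, 0), (15, 0, 66)), ((16, 0, 0), (16, 0, 89))],
        "fix_not_shown": {17},
    },
    "CVE-2025-61675": {
        "severity": "HIGH", "cvss": 8.6, "cwe": "CWE-89", "kev": False,
        "affected": [((16, 0, 0), (16, 0, 92)), ((17, 0, 0), (17, 0, 6))],
        "fix_not_shown": set(),
    },
    "CVE-2025-59051": {
        "severity": "HIGH", "cvss": 8.6, "cwe": "CWE-78", "kev": False,
        "affected": [((16, 0, 0), (16, 0, 92)), ((17, 0, 0), (17, 0, 6))],
        "fix_not_shown": set(),
    },
    "CVE-2025-67513": {
        "severity": "MEDIUM", "cvss": 6.9, "cwe": "CWE-521", "kev": False,
        "affected": [((16, 0, 0), (16, 0, 96)), ((17, 0, 1), (17, 0, 10))],
        "fix_not_shown": set(),
    },
}


def parse_version(text: str) -> Version:
    """'16.0.92' or 'v16.0.92' -> (16, 0, 92). Keeps only the leading digits of
    each dotted field and pads to three fields so tuple comparison is safe."""
    fields: List[int] = []
    for part in text.strip().lstrip("v").split("."):
        m = re.match(r"\d+", part)
        fields.append(int(m.group()) if m else 0)
    while len(fields) < 3:
        fields.append(0)
    return tuple(fields)


def status(cve: str, version: str) -> str:
    """One of: 'vulnerable', 'fixed', 'unknown' (page elides the fix for this
    branch), 'not listed' (branch/version not in the page's ranges)."""
    adv = ADVISORIES[cve]
    v = parse_version(version)
    if v[0] in adv["fix_not_shown"]:
        return "unknown"
    for lo, hi in adv["affected"]:
        if lo[0] != v[0]:
            continue  # different major branch
        if lo <= v < hi:
            return "vulnerable"
        if v >= hi:
            return "fixed"
    return "not listed"


def check(version: str) -> Dict[str, str]:
    """Status of every CVE on the page for one installed version."""
    return {cve: status(cve, version) for cve in ADVISORIES}


def exposure(version: str) -> List[str]:
    """CVE ids the version is vulnerable to: highest CVSS first, KEV entries
    first on ties, then by id."""
    hits = [c for c, s in check(version).items() if s == "vulnerable"]
    return sorted(hits, key=lambda c: (-ADVISORIES[c]["cvss"], not ADVISORIES[c]["kev"], c))


if __name__ == "__main__":
    import sys
    ver = sys.argv[1] if len(sys.argv) > 1 else "16.0.88"  # constructed sample input
    for cve, st in check(ver).items():
        a = ADVISORIES[cve]
        flag = "KEV" if a["kev"] else "   "
        print(f"{cve}  {a['severity']:<8} CVSS {a['cvss']:<4} {a['cwe']:<7} {flag}  {st}")
    print("patch order:", exposure(ver))
```

Run it with the installed module version as the argument; the output order from `exposure()` is the patch priority, with the KEV-listed unauthenticated SQLi first. An "unknown" result is a prompt to consult the full advisory for that branch, not a clean bill of health.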