cvebase

Freepbx Framework vulnerabilities

4 known vulnerabilities affecting freepbx/framework.

Total CVEs: 4
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 3

Vulnerabilities

CVE-2025-66039 | P1 | CRITICAL | CVSS 9.8 | PoC | fixed in 16.0.44 | versions >= 17.0.1, < 17.0.23 | 2025-12-09
CVE-2025-66039 [CRITICAL] CWE-287: FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. Versions are vulnerable to authentication bypass when the authentication type is set to "webserver." When providing an Authorization header with an arbitrary value, a session is associated with the target user regardless of valid credentials. This issue is fi
Source: nvd
CVE-2025-55211 | P3 | HIGH | CVSS 8.8 | versions >= 17.0.19.11, < 17.0.21 | 2025-09-15
CVE-2025-55211 [HIGH] CWE-78: FreePBX is an open-source web-based graphical user interface. From 17.0.19.11 to before 17.0.21, authenticated users of the Administrator Control Panel (ACP) can run arbitrary shell commands by maliciously changing languages of the framework module. This vulnerability is fixed in 17.0.21.
Source: nvd
CVE-2025-59056 | P3 | HIGH | CVSS 7.5 | fixed in 15.0.38 | versions >= 16.0.0, < 16.0.41 (+1 more) | 2025-09-15
CVE-2025-59056 [HIGH] CWE-22: FreePBX is an open-source web-based graphical user interface. In FreePBX 15, 16, and 17, malicious connections to the Administrator Control Panel web interface can cause the uninstall function to be triggered for certain modules. This function drops the module's database tables, which is where most modules store their configuration. This vulnerability
Source: nvd
CVE-2025-67722 | P3 | HIGH | CVSS 7.8 | fixed in 16.0.45 | versions >= 17.0.0, < 17.0.24 | 2025-12-16
CVE-2025-67722 [HIGH] CWE-426: FreePBX is an open-source web-based graphical user interface (GUI) that manages Asterisk. Prior to versions 16.0.45 and 17.0.24 of the FreePBX framework, an authenticated local privilege escalation exists in the deprecated FreePBX startup script `amportal`. In the deprecated `amportal` utility, the lookup for the `freepbx_engine` file occurs in `/etc/
Source: nvd