Sangoma FreePBX vulnerabilities
40 known vulnerabilities affecting sangoma/freepbx.

Total CVEs: 40
CISA KEV: 2 (actively exploited)
Public exploits: 7
Exploited in wild: 4
Severity breakdown: CRITICAL 6, HIGH 19, MEDIUM 15

Vulnerabilities (page 1 of 2)
CVE-2025-57819 | P1 | CRITICAL | CVSS 9.8 | CISA KEV | PoC | Affected: ≥ 15.0, < 15.0.66; ≥ 16.0, < 16.0.89; +1 more | Published: 2025-08-28
CWE-89: FreePBX is an open-source web-based graphical user interface. FreePBX 15, 16, and 17 endpoints are vulnerable due to insufficiently sanitized user-supplied data allowing unauthenticated access to FreePBX Administrator leading to arbitrary database manipulation and remote code execution. This issue has been patched in endpoint versions 15.0.66, 16.0
Source: NVD
CVE-2019-19006 | P1 | CRITICAL | CVSS 9.8 | CISA KEV | Affected: ≥ 13.0.0.0, ≤ 13.0.197.13; ≥ 14.0.0.0, ≤ 14.0.13.11; +1 more | Published: 2019-11-21
CWE-287: Sangoma FreePBX 115.0.16.26 and below, 14.0.13.11 and below, 13.0.197.13 and below have Incorrect Access Control.
Source: NVD
CVE-2012-4869 | P1 | HIGH | CVSS 7.5 | Exploited in wild | PoC | Affected: ≤ 2.10; v2.9 | Published: 2012-09-06
CWE-94: The callme_startcall function in recordings/misc/callme_page.php in FreePBX 2.9, 2.10, and earlier allows remote attackers to execute arbitrary commands via the callmenum parameter in a c action.
Source: NVD
CVE-2014-7235 | P1 | CRITICAL | CVSS 10.0 | Exploited in wild | PoC | Affected: ≤ 2.9.0.8; v2.11.0.0; +4 more | Published: 2014-10-07
CWE-94: htdocs_ari/includes/login.php in the ARI Framework module/Asterisk Recording Interface (ARI) in FreePBX before 2.9.0.9, 2.10.x, and 2.11 before 2.11.1.5 allows remote attackers to execute arbitrary code via the ari_auth cookie, related to the PHP unserialize function, as exploited in the wild in September 2014.
Source: NVD
CVE-2025-66039 | P1 | CRITICAL | CVSS 9.8 | PoC | Affected: fixed in 16.0.44; ≥ 17.0.1, < 17.0.23 | Published: 2025-12-09
CWE-287: FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. Versions are vulnerable to authentication bypass when the authentication type is set to "webserver." When providing an Authorization header with an arbitrary value, a session is associated with the target user regardless of valid credentials. This issue is fi
Source: NVD
CVE-2014-1903 | P2 | HIGH | CVSS 7.5 | PoC | Affected: v2.9 | Published: 2014-02-18
CWE-264: admin/libraries/view.functions.php in FreePBX 2.9 before 2.9.0.14, 2.10 before 2.10.1.15, 2.11 before 2.11.0.23, and 12 before 12.0.1alpha22 does not restrict the set of functions accessible to the API handler, which allows remote attackers to execute arbitrary PHP code via the function and args parameters to admin/config.php.
Source: NVD
CVE-2024-58294 | P2 | HIGH | CVSS 8.8 | Affected: v16.0 | Published: 2025-12-11
CWE-78: FreePBX 16 contains an authenticated remote code execution vulnerability in the API module that allows attackers with valid session credentials to execute arbitrary commands. Attackers can exploit the 'generatedocs' endpoint by crafting malicious POST requests with bash command injection to establish remote shell access.
Source: NVD
CVE-2026-28287 | P2 | HIGH | CVSS 8.8 | Affected: ≥ 16.0.17.2, < 16.0.20; ≥ 17.0.2.4, < 17.0.5 | Published: 2026-03-05
CWE-78: FreePBX is an open source IP PBX. From versions 16.0.17.2 to before 16.0.20 and from version 17.0.2.4 to before 17.0.5, multiple command injection vulnerabilities exist in the recordings module. This issue has been patched in versions 16.0.20 and 17.0.5.
Source: NVD
CVE-2026-46376 | P2 | CRITICAL | CVSS 9.8 | Affected: fixed in 16.0.45; ≥ 17.0, < 17.0.7 | Published: 2026-05-29
CWE-798: FreePBX is an open source IP PBX. From 15.0.42 to before 16.0.45 and 17.0.7, unauthenticated users may be able to access the User Control Panel (UCP) using hard-coded initial template credentials if these were not immediately changed by the Administrator who enabled UCP. Authenticated access to ACP is required for the initial setup of UCP generic
Source: NVD
CVE-2010-3490 | P3 | MEDIUM | CVSS 6.5 | PoC | Affected: ≤ 2.8.0 | Published: 2010-09-28
CWE-22: Directory traversal vulnerability in page.recordings.php in the System Recordings component in the configuration interface in FreePBX 2.8.0 and earlier allows remote authenticated administrators to create arbitrary files via a .. (dot dot) in the usersnum parameter to admin/config.php, as demonstrated by creating a .php file under the web root.
Source: NVD
CVE-2026-44238 | P2 | HIGH | CVSS 8.8 | Affected: fixed in 16.0.50; ≥ 17.0, < 17.0.11 | Published: 2026-05-29
CWE-89: FreePBX is an open source IP PBX. Prior to 16.0.50 and 17.0.11, the CDR Reports module page allows SQL injection through the order and sort POST parameters. Authentication with a FreePBX Administration Control Panel account that has CDR section access is required. Full administrator privileges are not needed. This vulnerability is fixed in 16.0.50 and
Source: NVD
CVE-2025-55211 | P3 | HIGH | CVSS 8.8 | Affected: ≥ 17.0.19.11, < 17.0.21 | Published: 2025-09-15
CWE-78: FreePBX is an open-source web-based graphical user interface. From 17.0.19.11 to before 17.0.21, authenticated users of the Administrator Control Panel (ACP) can run arbitrary shell commands by maliciously changing languages of the framework module. This vulnerability is fixed in 17.0.21.
Source: NVD
CVE-2026-44239 | P3 | HIGH | CVSS 8.8 | Affected: fixed in 16.0.22; ≥ 17.0, < 17.0.5 | Published: 2026-05-29
CWE-98: FreePBX is an open source IP PBX. Prior to 16.0.22 and 17.0.5, the Dashboard module's getcontent AJAX handler includes PHP files based on user-supplied input without path sanitization. The $_REQUEST['rawname'] parameter is concatenated into an include() call with a .class.php suffix, allowing path traversal via ../ sequences to include arbitrary .class
Source: NVD
CVE-2026-28284 | P3 | HIGH | CVSS 8.8 | Affected: ≥ 16.0, < 16.0.10; ≥ 17.0, < 17.0.5 | Published: 2026-03-05
CWE-89: FreePBX is an open source IP PBX. Prior to versions 16.0.10 and 17.0.5, the FreePBX logfiles module contains several authenticated SQL injection vulnerabilities. This issue has been patched in versions 16.0.10 and 17.0.5.
Source: NVD
CVE-2025-67736 | P3 | HIGH | CVSS 7.2 | Affected: ≥ 16.0, < 16.0.5; ≥ 17.0, < 17.0.5 | Published: 2025-12-16
CWE-89: The FreePBX module tts (Text to Speech) for FreePBX, an open-source web-based graphical user interface (GUI) that manages Asterisk. Versions prior to 16.0.5 and 17.0.5 are vulnerable to SQL injection by authenticated users with administrator access. Authenticated users with administrative access to the Administrator Control Panel (ACP) can leverage thi
Source: NVD
CVE-2026-28210 | P3 | HIGH | CVSS 8.8 | Affected: ≥ 16.0, < 16.0.49; ≥ 17.0, < 17.0.7 | Published: 2026-03-05
CWE-89: FreePBX is an open source IP PBX. Prior to versions 16.0.49 and 17.0.7, FreePBX module cdr (Call Data Record) is vulnerable to SQL query injection. This issue has been patched in versions 16.0.49 and 17.0.7.
Source: NVD
CVE-2025-55210 | P3 | HIGH | CVSS 7.5 | Affected: ≥ 16.0.2, < 16.0.17; ≥ 17.0.1, < 17.0.5 | Published: 2026-02-12
CWE-270: FreePBX is an open-source web-based graphical user interface (GUI) that manages Asterisk. Prior to 17.0.5 and 16.0.17, FreePBX module api (PBX API) is vulnerable to privilege escalation by authenticated users with REST/GraphQL API access. This vulnerability allows an attacker to forge a valid JWT with full access to the REST and GraphQL APIs on a Free
Source: NVD
CVE-2026-44237 | P3 | HIGH | CVSS 8.1 | Affected: fixed in 17.0.8 | Published: 2026-05-29
CWE-1390: FreePBX is an open source IP PBX. Prior to 17.0.8, the FreePBX api module's OAuth2 implementation does not sufficiently validate client credentials during token issuance. Knowledge of a valid client_id is required. The validateClient() method in ClientRepository.php unconditionally returns true, allowing any party with knowledge of a valid client_id
Source: NVD
CVE-2023-43336 | P3 | HIGH | CVSS 8.8 | Affected: fixed in 15.0.16; ≥ 16.0.2, < 16.0.17; +2 more | Published: 2023-11-02
CWE-284: Sangoma Technologies FreePBX before cdr 15.0.18, 16.0.40, 15.0.16, and 16.0.17 was discovered to contain an access control issue via a modified parameter value, e.g., changing extension=self to extension=101.
Source: NVD
CVE-2026-28209 | P3 | HIGH | CVSS 7.2 | Affected: ≥ 16.0.17.2, < 16.0.20; ≥ 17.0.2.4, < 17.0.5 | Published: 2026-03-05
CWE-78: FreePBX is an open source IP PBX. From versions 16.0.17.2 to before 16.0.20 and from version 17.0.2.4 to before 17.0.5, a command injection vulnerability exists in FreePBX when using the ElevenLabs Text-to-Speech (TTS) engine in the recordings module. This issue has been patched in versions 16.0.20 and 17.0.5.
Source: NVD