
[Security Vulnerability Alert] FreePBX has a high-risk security vulnerability (CVE-2025-57819). Please confirm and patch it as soon as possible.

Type: Administrative Announcement
Publish Date: 2025/09/04 to 2026/03/04

Forwarded by the National Information Security Information Sharing and Analysis Center (NISAC-200-202509-00000006)

Researchers have discovered an authentication bypass vulnerability (CVE-2025-57819) in FreePBX, a web-based management interface tool for Asterisk systems. This vulnerability allows an unauthenticated remote attacker to directly access administrator functions, potentially taking control of the database and executing arbitrary code. This vulnerability has been exploited by hackers. Please confirm and patch it as soon as possible.

Note: Asterisk is open-source private branch exchange (PBX) system software that includes VoIP functionality. It can run on standard computers as well as embedded systems such as OpenWRT.

[Affected Platforms]
● FreePBX 15: versions from 15 up to, but not including, 15.0.66
● FreePBX 16: versions from 16 up to, but not including, 16.0.89
● FreePBX 17: versions from 17 up to, but not including, 17.0.3
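
For triage, the ranges above can be checked mechanically. The following is an added example, not part of the original announcement or of FreePBX itself; the function names are hypothetical and the version string is assumed to be supplied by the operator from their own inventory.

```shell
#!/bin/sh
# Added example (not from the advisory): classify a FreePBX version string
# against the ranges in [Affected Platforms]. Function names are hypothetical.

# First fixed version of each listed branch, as stated in the advisory.
fixed_version_for_branch() {
  case "$1" in
    15) echo "15.0.66" ;;
    16) echo "16.0.89" ;;
    17) echo "17.0.3" ;;
    *) return 1 ;;
  esac
}

# version_lt A B: succeeds when A < B. Fields are compared numerically, so
# 17.0.10 is newer than 17.0.3; missing fields count as 0.
version_lt() {
  _a=$1; _b=$2
  while [ -n "$_a" ] || [ -n "$_b" ]; do
    _x=${_a%%.*}; _y=${_b%%.*}
    if [ "$_a" = "$_x" ]; then _a=""; else _a=${_a#*.}; fi
    if [ "$_b" = "$_y" ]; then _b=""; else _b=${_b#*.}; fi
    if [ "${_x:-0}" -lt "${_y:-0}" ]; then return 0; fi
    if [ "${_x:-0}" -gt "${_y:-0}" ]; then return 1; fi
  done
  return 1
}

# classify_freepbx VERSION: prints affected, patched, not-listed or invalid.
# "not-listed" means the branch is outside the 15/16/17 ranges in the advisory.
classify_freepbx() {
  _v=$1
  case "$_v" in
    ''|*[!0-9.]*|.*|*.|*..*) echo "invalid"; return 0 ;;
  esac
  if ! _fixed=$(fixed_version_for_branch "${_v%%.*}"); then
    echo "not-listed"; return 0
  fi
  if version_lt "$_v" "$_fixed"; then echo "affected"; else echo "patched"; fi
}

# Usage: sh check.sh 16.0.88.19 17.0.3   (sample versions are constructed)
for _arg in "$@"; do
  printf '%s\t%s\n' "$_arg" "$(classify_freepbx "$_arg")"
done
```

A "patched" result only means the version is at or above the fixed version listed for its branch; it does not show whether the system was accessed before the update was applied.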

[Recommended Actions]
A fix has been released for this vulnerability. Please refer to the official announcement at the following URL:
https://github.com/FreePBX/security-reporting/security/advisories/GHSA-m42g-xg4c-5f3h

[References]
1. https://nvd.nist.gov/vuln/detail/CVE-2025-57819
2. https://github.com/FreePBX/security-reporting/security/advisories/GHSA-m42g-xg4c-5f3h
