Vulnerability fixed in FreePBX

🗓️ 29 Aug 2025 08:37:54Reported by NCSCType

FreePBX fixed a vulnerability in versions 15–17 allowing unauthorized access via the endpoint module; apply the patch and verify indicators of compromise.

Reporter	Title	Published	Views	Family All 37
GithubExploit	Exploit for Authentication Bypass Using an Alternate Path or Channel in Sangoma Freepbx	8 Sep 202515:28	–	githubexploit
GithubExploit	Exploit for Authentication Bypass Using an Alternate Path or Channel in Sangoma Freepbx	7 Jun 202600:54	–	githubexploit
GithubExploit	Exploit for Authentication Bypass Using an Alternate Path or Channel in Sangoma Freepbx	8 Jun 202610:22	–	githubexploit
GithubExploit	Exploit for CVE-2025-57819	29 Aug 202511:59	–	githubexploit
GithubExploit	Exploit for SQL Injection in Sangoma Freepbx	4 Sep 202503:21	–	githubexploit
GithubExploit	Exploit for Authentication Bypass Using an Alternate Path or Channel in Sangoma Freepbx	18 Sep 202520:38	–	githubexploit
GithubExploit	Exploit for Authentication Bypass Using an Alternate Path or Channel in Sangoma Freepbx	12 Sep 202517:53	–	githubexploit
GithubExploit	Exploit for CVE-2025-57819	1 Sep 202516:29	–	githubexploit
GithubExploit	Exploit for Authentication Bypass Using an Alternate Path or Channel in Sangoma Freepbx	6 Jun 202620:13	–	githubexploit
GithubExploit	Exploit for Authentication Bypass Using an Alternate Path or Channel in Sangoma Freepbx	6 Jun 202620:49	–	githubexploit

Source	Link
community	www.community.freepbx.org/t/security-advisory-please-lock-down-your-administrator-access/107203
github	www.github.com/FreePBX/security-reporting/security/advisories/GHSA-m42g-xg4c-5f3h

29 Aug 2025 08:37Current

7.9High risk

Vulners AI Score7.9

CVSS 410

CVSS 3.19.8

EPSS0.76952