FreePBX Filestore Module Exposure Scanner

This python script is a lightweight security scanner designed to detect installations of FreePBX and check basic indicators related to the vulnerability CVE-2025-64328...

FreePBX 17.0.2.36 < 17.0.3 Command Injection (GHSA-vm9p-46mv-5xvw)

The version of FreePBX installed on the remote host is 17.0.2.36 or later but prior to 17.0.3. It is, therefore, affected by a command injection vulnerability: - The filestore module within the Administrative interface is vulnerable to a post-authentication command injection by an authenticated...

CVE-2025-64328

FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. In versions 17.0.2.36 and above before 17.0.3, the filestore module within the Administrative interface is vulnerable to a post-authentication command injection by an authenticated known user via the...

PT-2025-45402

Name of the Vulnerable Software and Affected Versions FreePBX versions 17.0.2.36 through 17.0.3 Description FreePBX Endpoint Manager, a module for managing telephony endpoints, contains a post-authentication command injection flaw within the filestore module of the Administrative interface. This...