Description

FreePBX is an open-source web-based graphical user interface. FreePBX 15, 16, and 17 endpoints are vulnerable due to insufficiently sanitized user-supplied data allowing unauthenticated access to FreePBX Administrator leading to arbitrary database manipulation and remote code execution. This issue has been patched in endpoint versions 15.0.66, 16.0.89, and 17.0.3.

INFO

Published Date :

2025-08-28T16:45:18.749Z

Last Modified :

2026-02-26T17:47:51.014Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-57819 vulnerability.

Vendors Products
Freepbx
  • Freepbx
Sangoma
  • Freepbx
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-57819.

URL Resource
https://community.freepbx.org/t/security-advisory-please-lock-down-your-administrator-access/107203 cve-icon cve-icon
https://github.com/FreePBX/security-reporting/security/advisories/GHSA-m42g-xg4c-5f3h cve-icon cve-icon
https://github.com/watchtowrlabs/watchTowr-vs-FreePBX-CVE-2025-57819 cve-icon cve-icon
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-57819 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability
Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact