FreePBX RCE via Unsanitized Admin Endpoints prior 15.0.66/16.0.89/17.0.3
CVE-2025-57819 Published on August 28, 2025
FreePBX Affected by Authentication Bypass Leading to SQL Injection and RCE
FreePBX is an open-source web-based graphical user interface. FreePBX 15, 16, and 17 endpoints are vulnerable due to insufficiently sanitized user-supplied data allowing unauthenticated access to FreePBX Administrator leading to arbitrary database manipulation and remote code execution. This issue has been patched in endpoint versions 15.0.66, 16.0.89, and 17.0.3.
Known Exploited Vulnerability
This Sangoma FreePBX Authentication Bypass Vulnerability is part of CISA's list of Known Exploited Vulnerabilities. Sangoma FreePBX contains an authentication bypass vulnerability due to insufficiently sanitized user-supplied data allows unauthenticated access to FreePBX Administrator leading to arbitrary database manipulation and remote code execution.
The following remediation steps are recommended / required by September 19, 2025: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Weakness Types
What is a SQL Injection Vulnerability?
The software constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.
CVE-2025-57819 has been classified to as a SQL Injection vulnerability or weakness.
Authentication Bypass Using an Alternate Path or Channel
A product requires authentication, but the product has an alternate path or channel that does not require authentication.
Affected Versions
FreePBX endpoint:- Version < 15.0.66 is affected.
- Version < 16.0.89 is affected.
- Version < 17.0.3 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.