Zurück zur CVE-Übersicht
CVE-2025-57819
CRITICAL(9.8)KEV — Aktiv ausgenutztCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Risk Signal Score81/100 — KRITISCH
- CVSS 9.8 — Kritisch
- EPSS 87% — sehr wahrscheinlich ausgenutzt
- Im CISA KEV-Katalog (aktiv ausgenutzt)
CISA KEV
Bestätigt ausgenutzt
EPSS-Score
87%
Exploit-Wahrscheinlichkeit (30 Tage)
CVSS Score
9.8
Technische Schwere
Beschreibung
FreePBX is an open-source web-based graphical user interface. FreePBX 15, 16, and 17 endpoints are vulnerable due to insufficiently sanitized user-supplied data allowing unauthenticated access to FreePBX Administrator leading to arbitrary database manipulation and remote code execution. This issue has been patched in endpoint versions 15.0.66, 16.0.89, and 17.0.3.
Referenzen
- https://community.freepbx.org/t/security-advisory-please-lock-down-your-administ...
- https://github.com/FreePBX/security-reporting/security/advisories/GHSA-m42g-xg4c...
- https://github.com/watchtowrlabs/watchTowr-vs-FreePBX-CVE-2025-57819
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-...