๐Ÿ” CVE Alert

CVE-2025-57819

UNKNOWN 0.0 ⚠️ CISA KEV

FreePBX Affected by Authentication Bypass Leading to SQL Injection and RCE

CVSS Score: 0.0
EPSS Score: 0.0%
EPSS Percentile: 0th

FreePBX is an open-source web-based graphical user interface. FreePBX 15, 16, and 17 endpoints are vulnerable due to insufficiently sanitized user-supplied data, which allows unauthenticated access to FreePBX Administrator and leads to arbitrary database manipulation and remote code execution. This issue has been patched in endpoint versions 15.0.66, 16.0.89, and 17.0.3.

CWE: CWE-89, CWE-288
Vendor: freepbx
Product: endpoint
Published: Aug 28, 2025
Last Updated: Feb 26, 2026
⚠️ Actively Exploited — Act Now


Affected Versions

FreePBX / endpoint
< 15.0.66, < 16.0.89, < 17.0.3

References

github.com: https://github.com/FreePBX/security-reporting/security/advisories/GHSA-m42g-xg4c-5f3h
community.freepbx.org: https://community.freepbx.org/t/security-advisory-please-lock-down-your-administrator-access/107203
github.com: https://github.com/watchtowrlabs/watchTowr-vs-FreePBX-CVE-2025-57819
cisa.gov: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-57819