CVE Catalog

Actively exploited in the wild

Sangoma FreePBX OS Command Injection Vulnerability

Sangoma — FreePBX · Listed in the CISA KEV since 2026-02-03. This indicates confirmed attacks in production environments.

Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

CVE-2025-64328

Severity: High · CVSS 7.2 · CISA KEV
Source: NVD (NIST)

Exploitation Probability (EPSS)

Very high risk
82.96%

100th percentile — higher than 100% of all known CVEs

Summary

The Endpoint Manager module in FreePBX, in versions 17.0.2.36 and above before 17.0.3, is vulnerable to post-authentication command injection by an authenticated known user. An attacker can leverage this vulnerability to gain remote access to the system as the asterisk user.

Risk Assessment

This vulnerability could lead to unauthorized access to the telephony system, posing a significant security risk to the organization.

Recommendation

It is recommended to upgrade to version 17.0.3 or later to mitigate this vulnerability.

Original NVD description (English source)

FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. In versions 17.0.2.36 and above before 17.0.3, the filestore module within the Administrative interface is vulnerable to post-authentication command injection by an authenticated known user via the testconnection -> check_ssh_connect() function. An attacker can leverage this vulnerability to obtain remote access to the system as the asterisk user. This issue is fixed in version 17.0.3.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS