CVE-2025-57819CRITICAL · 9.8TrackedCISA KEV

Sangoma · FreePBX

Sangoma FreePBX contains an authentication bypass vulnerability due to insufficiently sanitized user-supplied data allows unauthenticated access to FreePBX Administrator leading to arbitrary database manipulation and remote code execution.

Disclosed

2025-08-28

285 days ago

Status

no honeypot capture yet

on CISA KEV — watching

7-day events

across 0 distinct IPs

7-day spread

0 ASN · 0 cty

0 active days

Top ASNs

No events captured yet.

Top countries

No events captured yet.

References

https://github.com/FreePBX/security-reporting/security/advisories/GHSA-m42g-xg4c-5f3h
https://nvd.nist.gov/vuln/detail/CVE-2025-57819

↗ NVD ↗ CISA KEV ↗ Search analyses