VIR Vulnerability Intelligence Relay

CVE-2025-57819

unknown KEV
Published 2025-08-29 · Modified 2025-08-29
CVSS v3
CVSS v2
VIR risk
1.5

Description

Sangoma FreePBX contains an authentication bypass vulnerability due to insufficiently sanitized user-supplied data allows unauthenticated access to FreePBX Administrator leading to arbitrary database manipulation and remote code execution.

CISA KEV

Vendor
Sangoma
Product
FreePBX
Due date
2025-09-19

Predictions

Exploit likelihood
99%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: cisa-kev — https://github.com/FreePBX/security-reporting/security/advisories/GHSA-m42g-xg4c-5f3h ; https://nvd.nist.gov/vuln/detail/CVE-2025-57819

Exploits

References

Verify integrity in audit chain (admin only). AS-IS.