Source: Ministry of Education Information & Communication Security Contingency Platform
Publication Number | TACERT-ANA-2025090310095858 | Publication Time | 2025/09/03 10:22 |
Incident Type | ANA-Vulnerability Alert | Discovery Time | 2025/09/03 10:22 |
Impact Level | Medium |
[Subject] 【Vulnerability Alert】A high-risk security vulnerability (CVE-2025-57819) exists in FreePBX. Please promptly verify and patch.
[Content] Forwarded from the National Institute of Cyber Security, NISAC-200-202509-00000006.

Researchers discovered an authentication bypass vulnerability (CVE-2025-57819) in FreePBX, the web administration interface tool used to manage Asterisk systems. An unauthenticated remote attacker can directly access administrator functions, thereby taking control of the database and executing arbitrary code. This vulnerability has been exploited by attackers; please verify and apply patches as soon as possible.

Note: Asterisk is open-source Private Branch Exchange (PBX) system software that provides VoIP functionality; besides running on regular computers, it can also run on embedded systems such as OpenWRT.

Information Sharing Level: WHITE (information content can be publicly disclosed)
[Affected Platform]
● FreePBX 16 up to but not including 16.0.89
● FreePBX 17 up to but not including 17.0.3
[Recommended Actions] https://github.com/FreePBX/security-reporting/security/advisories/GHSA-m42g-xg4c-5f3h
[Reference] 2. https://github.com/FreePBX/security-reporting/security/advisories/GHSA-m42g-xg4c-5f3h