Sangoma has launched emergency patches for a zero-day vulnerability exploited to hack FreePBX servers with the administrator management panel accessible from the web.
Tracked as CVE-2025-57819 (CVSS rating of 10/10), the bug is described as an inadequate sanitization of user-supplied information. Profitable exploitation of the flaw permits attackers to entry the FreePBX administrator panel, enabling database manipulation and distant code execution (RCE).
Fixes have been rolled out for FreePBX variations 15, 16, and 17, after Sangoma found that the safety defect had been exploited within the wild beginning on or earlier than August 21. The hacked servers had insufficient IP filtering/ACLs, as famous in a GitHub advisory.
“This preliminary entry level was then chained with a number of different steps to in the end achieve probably root degree entry on the goal programs,” the advisory reads.
The problem was found within the business “endpoint” module. Customers are suggested to lock down all administrator entry, distant web entry to the FreePBX servers, make sure the servers are protected by a firewall, replace to a patched model, and test that the “endpoint” has the really helpful fixes.
“Customers ought to test their automated safety updates are lively. We’re conscious of a present problem within the v17 “framework” module which will forestall automated replace notification emails,” Sangoma notes.
Sangoma has launched indicators-of-compromise (IOCs) to assist directors hunt for indicators of exploitation, in addition to really helpful restoration steps.
On Friday, the US cybersecurity company CISA added CVE-2025-57819 to its Identified Exploited Vulnerabilities (KEV) catalog, urging federal companies to patch it by September 19, as mandated by Binding Operational Directive (BOD) 22-01.Commercial. Scroll to proceed studying.
Though BOD 22-01 solely applies to federal companies, all organizations are suggested to evaluation CISA’s KEV checklist and take the required steps to mitigate the safety defects it identifies.
Sangoma FreePBX is an open supply interface for the administration of Asterisk, a framework for real-time, multi-protocol communications purposes.
Associated: WhatsApp Zero-Day Exploited in Assaults Concentrating on Apple Customers
Associated: Citrix Patches Exploited NetScaler Zero-Day
Associated: Organizations Warned of Exploited Git Vulnerability
Associated:Lots of of N-able N-central Situations Affected by Exploited Vulnerabilities
