Critical Vulnerability Information

Vulnerability Overview
Title: Authenticated Arbitrary File Upload in Endpoint Manager
CVE ID: CVE-2025-61678
GHSA ID: GHSA-7p8x-8m3m-58j9
Severity: High (CVSS v4 Base Score: 8.6)

Affected Versions
Package: endpoint (FreePBX 16)
- Affected Versions: < 16.0.92
- Fixed Version: 16.0.92
Package: endpoint (FreePBX 17)
- Affected Versions: < 17.0.6
- Fixed Version: 17.0.6

Description
Summary: An arbitrary file upload vulnerability exists in the FreePBX Endpoint Management module, affecting the parameter. This parameter allows an attacker to modify file paths, which, in combination, could lead to the upload of a webshell.
Authentication Required: Requires authentication with a known username.

Mitigation Measures
- Upgrade to the latest patched version of the endpoint module.
- Protect the ACP from suspicious users.
- Remove users who should not have access.
- Firewall the FreePBX ACP HTTP/HTTPS/GraphQL ports.

CVSS Scores
CVSS v4.0 Base Vector String: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N
CVSS v4.0 More Complete Vector String: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/E:U/AU:N/R:U/V:D/RE:L/U:6Green
Current CVSS v4.0 Base Score: 8.6 (High)
Current CVSS v4.0 More Complete Score: 6.1 (Medium)
Alternative CVSS v4.1 Score: 0.9 (Low)

Weakness
CWE: CWE-434

Contributors
Reporter: nking-horizon3
Coordinator: chrsmlj
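The weakness class named above (CWE-434, reached here through a client-controlled file path) is easiest to understand next to the server-side check that closes it. The Python below is an added illustration written for this page; it is not FreePBX code and not the fix shipped in endpoint 16.0.92 / 17.0.6. The upload directory, the extension allowlist and the sample inputs are constructed for the example. It places the trusting pattern (join the client's path onto a base directory) beside a hardened version that rejects absolute paths and parent-directory segments, resolves the destination and confirms it is still inside the upload root, and only then applies an extension allowlist.

```python
import os
from pathlib import Path, PurePosixPath

# Constructed values for this example: the advisory does not name the
# module's upload directory or the file types it is meant to accept.
UPLOAD_ROOT = Path("/var/www/html/uploads").resolve()      # hypothetical
ALLOWED_EXTENSIONS = frozenset({".cfg", ".xml", ".wav"})   # hypothetical allowlist


class UploadRejected(ValueError):
    """Raised when a user-supplied destination fails validation."""


def naive_upload_path(user_path: str, base: Path = UPLOAD_ROOT) -> str:
    """The CWE-434 pattern: the caller trusts the client-supplied path.
    os.path.join discards `base` entirely when `user_path` is absolute,
    and '..' segments walk out of `base`, so the client chooses both the
    destination directory and the file type."""
    return os.path.join(str(base), user_path)


def safe_upload_path(user_path: str, base: Path = UPLOAD_ROOT,
                     allowed: frozenset = ALLOWED_EXTENSIONS) -> Path:
    """Return the absolute destination for `user_path`, or raise
    UploadRejected if it escapes `base` or carries a disallowed extension."""
    if not user_path or "\x00" in user_path:
        raise UploadRejected("empty path or embedded NUL byte")
    rel = PurePosixPath(user_path)
    if rel.is_absolute():
        raise UploadRejected("absolute paths are not accepted")
    if ".." in rel.parts:
        raise UploadRejected("parent-directory traversal is not accepted")
    # Normalise with filesystem semantics (symlinks included) and confirm
    # the result is still inside the upload root.
    candidate = base.joinpath(*rel.parts).resolve()
    if candidate != base and base not in candidate.parents:
        raise UploadRejected("destination escapes the upload root")
    # Extension allowlist: the client must never pick a server-executed
    # extension, so anything outside the allowlist is refused.
    if candidate.suffix.lower() not in allowed:
        raise UploadRejected(f"extension {candidate.suffix!r} is not allowed")
    return candidate


def classify(paths):
    """Run each path through the hardened check and report 'accepted'
    or the rejection reason."""
    results = {}
    for p in paths:
        try:
            safe_upload_path(p)
            results[p] = "accepted"
        except UploadRejected as exc:
            results[p] = f"rejected: {exc}"
    return results


SAMPLE_PATHS = [                  # constructed inputs for the comparison
    "phones/template.cfg",        # legitimate relative path, allowed type
    "../../html/page.php",        # traversal out of the upload root
    "/etc/passwd",                # absolute path replaces the base entirely
    "phones/page.php",            # inside the root but executable type
]

if __name__ == "__main__":
    for p, verdict in classify(SAMPLE_PATHS).items():
        print(f"{p!r:26} naive -> {naive_upload_path(p)!r:48} hardened -> {verdict}")
```

Running the script shows why the containment check and the allowlist are both needed: the traversal and absolute-path inputs are caught by the path rules, while `phones/page.php` lands inside the root and is stopped only by the extension allowlist. Checking the extension before resolving would miss names that only become executable after normalisation, so the order used here matters.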