CVE-2025-57819 PoC — FreePBX Affected by Authentication Bypass Leading to SQL Injection and RCE

Source

Associated Vulnerability

Description

CVE-2025-57819

Readme

# 🚨 CVE-2025-57819 — Critical FreePBX Vulnerability

### 🔎 Overview

* Affects **FreePBX 15, 16, and 17** (endpoint modules).
* Cause: **Improper sanitization of user input** → leads to **authentication bypass + SQL injection → possible Remote Code Execution (RCE)**.
* **Severity**:

  * CVSS v4: 🔴 **10.0 (Critical)**
  * CVSS v3.1: 🔴 **9.8 (Critical)**
  * CVSS v2: 🔴 **10.0 (Critical)**
* **Actively exploited in the wild** since late **August 2025**.

---

### 📅 Timeline

* **Before Aug 21, 2025** → Attacks observed in the wild.
* **Aug 28, 2025** → FreePBX issued a public security advisory.
* **Aug 29, 2025** → CISA added it to the **Known Exploited Vulnerabilities** list (patch deadline: Sep 19, 2025).
* **Sep 2, 2025** → NVD published full details.

---

### ⚠️ Affected Versions

* **Vulnerable**:

  * FreePBX < 15.0.66
  * FreePBX < 16.0.89
  * FreePBX < 17.0.3
* **Fixed in**:

  * 15.0.66
  * 16.0.89
  * 17.0.3

---

### 🕵️ Indicators of Compromise (IoCs)

Check your system for:

* Missing or modified **`/etc/freepbx.conf`**
* Suspicious script **`/var/www/html/.clean.sh`**
* Strange POST requests to **`modular.php`**
* Calls to extension **9998** in logs
* Unknown or shady **`ampusers`** database entries

---

### 🛡️ Mitigation Steps

1. **Patch immediately** ⬆️ to the fixed versions.
2. **Restrict access** 🔒 — block public exposure of the FreePBX admin panel.
3. **Monitor logs** 📜 — look for IoCs above.
4. **Rebuild & reset credentials** 🔑 if compromise suspected (use backups from before Aug 21, 2025).
5. **Follow CISA guidance** if under U.S. federal compliance.

---

### ✅ Key Takeaway

This is a **critical, actively exploited zero-day**. If your FreePBX is internet-exposed and not patched, **assume compromise**. Patch now, lock down access, and investigate thoroughly.

---

### 🖥️ How do I run this script?

1 - Download Nuclei from kali linux 
```
┌──(kali㉿kali)-[~]
└─$ sudo apt install nuclei
```

2 - Copy the template to your local system

3 - Run the following command: nuclei -u `https://yourHost.com` -t CVE-2025-57819.yaml

---

### ⚙️ Usage:

```
┌──(kali㉿kali)-[~]
└─$ sudo python3 Blackash-CVE-2025-57819 10.10.10.10
```

<img width="1197" height="496" alt="bug2" src="https://github.com/user-attachments/assets/ceab5888-ee4f-414a-9ad5-de491b2c91e4" />


---


### ⚠️ Disclaimer:

The information provided here about FreePBX, CVEs, ports, and security practices is for **educational and informational purposes only**. It is **not professional security advice**. Any actions you take based on this information are **at your own risk**.

You should:

* Always follow official vendor documentation and advisories.
* Apply patches and updates directly from the FreePBX/Asterisk project.
* Consult with a qualified cybersecurity professional before making security or configuration changes in production environments.

I do **not guarantee completeness or accuracy**, especially since vulnerabilities and mitigations evolve quickly.

---

File Snapshot

 [4.0K]  /data/pocs/b555ef5c38c4cf0b4ff68f76f3c48b5d4d3e2b43
├── [ 14K]  Blackash-CVE-2025-57819
├── [1.1K]  CVE-2025-57819.yaml
└── [3.0K]  README.md

0 directories, 3 files

Remarks