Browse all 26 CVE security advisories affecting FreePBX. AI-powered Chinese analysis, POCs, and references for each vulnerability.
FreePBX is an open-source web-based GUI that controls and manages Asterisk, an open-source telephony software suite. Primarily used by businesses and service providers to build IP-based communication systems, it simplifies complex PBX configuration through a user-friendly interface. Historically, the platform has been susceptible to critical vulnerability classes, including Remote Code Execution (RCE), Cross-Site Scripting (XSS), and privilege escalation flaws. These issues often stem from insufficient input validation or insecure default configurations within its modules. Notable incidents have included widespread exploitation of RCE vulnerabilities, allowing attackers to gain full system control and deploy ransomware. With 26 CVEs currently on record, the software’s security posture relies heavily on timely patching and strict access controls. Administrators must remain vigilant, as the breadth of its feature set introduces a larger attack surface compared to minimalistic telephony solutions.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-67722 | Authenticated amportal search for ‘freepbx_engine’ in non root writeable directories leads to potential privilege escalation — framework (CWE-426) | 7.8 (AI) | High (AI) | 2025-12-16 |
| CVE-2025-66039 | FreePBX Endpoint Manager Allows Unauthenticated Logins to Administrator Control Panel via Forged Basic Auth Header — framework (CWE-287) | 7.4 (AI) | High (AI) | 2025-12-09 |
| CVE-2025-59056 | FreePBX vulnerable to unauthenticated Denial of Service — framework (CWE-22) | 3.8 (AI) | Low (AI) | 2025-09-15 |
| CVE-2025-55211 | FreePBX Post-Authenticated Command Injection — framework (CWE-78) | 7.2 (AI) | High (AI) | 2025-09-15 |
This page lists every published CVE security advisory associated with FreePBX. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.