CVE-2025-61675

Published Oct 14, 2025

Last updated 2 months ago

CVSS: high (8.6)
Affected product: FreePBX Endpoint Manager

Overview

AI description

Automated description summarized from trusted sources.

CVE-2025-61675 affects the FreePBX Endpoint Manager, a module used for managing telephony endpoints in FreePBX systems. Versions prior to 16.0.92 for FreePBX 16 and versions prior to 17.0.6 for FreePBX 17 contain SQL injection vulnerabilities. These vulnerabilities are present in multiple parameters within the basestation, model, firmware, and custom extension configuration areas. Successful exploitation of CVE-2025-61675 allows authenticated users to execute arbitrary SQL queries against the database. This could lead to unauthorized access to sensitive data or modification of the database contents. The vulnerability has been addressed in version 16.0.92 for FreePBX 16 and version 17.0.6 for FreePBX 17.

Description
FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. In versions prior to 16.0.92 for FreePBX 16 and versions prior to 17.0.6 for FreePBX 17, the Endpoint Manager module contains authenticated SQL injection vulnerabilities affecting multiple parameters in the basestation, model, firmware, and custom extension configuration functionality areas. Authentication with a known username is required to exploit these vulnerabilities. Successful exploitation allows authenticated users to execute arbitrary SQL queries against the database, potentially enabling access to sensitive data or modification of database contents. This issue has been patched in version 16.0.92 for FreePBX 16 and version 17.0.6 for FreePBX 17.
Source: security-advisories@github.com
NVD status: Awaiting Analysis

Risk scores

CVSS 4.0

Type: Secondary
Base score: 8.6
Impact score: -
Exploitability score: -
Vector string: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Severity: HIGH

Weaknesses

CWE-89 (Improper Neutralization of Special Elements used in an SQL Command, i.e. SQL injection), source: security-advisories@github.com

Social media

Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.

Hype score

27

  1. ⚠️⚠️ Multiple new vulnerabilities discovered in #FreePBX by @Horizon3ai. Combining Auth Bypass (CVE-2025-66039) with SQL Injection (CVE-2025-61675) can lead to unauthenticated Remote Code Execution. 🔥Deep Dive: https://t.co/bbgNURHfma 🔗FOFA Link: https://t.co/XhTGOj

    @fofabot

    17 Dec 2025

    136 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  2. 🚨 New Security Research Disclosure 🚨 I’ve published a repository documenting multiple critical vulnerabilities in FreePBX (2025), including: 🔹 CVE-2025-66039 🔹 CVE-2025-61678 🔹 CVE-2025-61675 🔗 GitHub: https://t.co/Uknsy9ESK8 #InfoSec #cyberleelawat #CVE #Free

    @cyberleelawat

    16 Dec 2025

    5 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  3. 🚨Alert🚨 CVE-2025-61675&CVE-2025-61678&CVE-2025-66039 : Critical SQLi,File-Upload, and AUTHTYPE Bypass Flaws in FreePBX could Lead to RCE. -------------------- CVE-2025-61675: An authenticated SQL injection vulnerability CVE-2025-61678: An authenticated arbitrary fil

    @HunterMapping

    16 Dec 2025

    5942 Impressions

    17 Retweets

    89 Likes

    29 Bookmarks

    0 Replies

    1 Quote

  4. 🚨🚨 Three Critical Vulnerabilities In FreePBX CVE-2025-61675: Authenticated SQL Injection - Affects endpoint module CVE-2025-61678: Authenticated Arbitrary File Upload - Affects endpoint module CVE-2025-66039: Authentication Bypass - Affects framework module ZoomEye Dork

    @zoomeye_team

    16 Dec 2025

    2283 Impressions

    11 Retweets

    31 Likes

    10 Bookmarks

    1 Reply

    0 Quotes

  5. 🚨 3 critical/high FreePBX vulnerabilities disclosed CVE-2025-66039: Authentication bypass CVE-2025-61675: SQL injection CVE-2025-61678: File upload leading to RCE I've created detection scripts for these vulns: https://t.co/2dmklJha55 @Horizon3ai - https://t.co/nQOPyb6K4F

    @rxerium

    15 Dec 2025

    20013 Impressions

    71 Retweets

    459 Likes

    288 Bookmarks

    7 Replies

    0 Quotes

  6. CVE-2025-61675 Authenticated SQL Injection in FreePBX Endpoint Manager Versions Below 16.0.92 and 17.0.6 https://t.co/C3r0TbIKal

    @VulmonFeeds

    14 Oct 2025

    1 Impression

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes