CVE-2025-66039
Published Dec 9, 2025
Last updated 11 days ago
AI description
CVE-2025-66039 is an authentication bypass (CWE-287) in the FreePBX Endpoint Manager module that is exposed when the FreePBX authentication type is set to "webserver". An attacker who sends an Authorization header carrying an arbitrary value obtains a session associated with the target user without supplying valid credentials, so the flaw is exploitable by an unauthenticated remote attacker (CVSS 3.1 9.8 / CVSS 4.0 9.3, Critical). The issue is fixed in Endpoint Manager versions 16.0.44 and 17.0.23.
- Description
- FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. Versions before 16.0.44 (16.x) and before 17.0.23 (17.x) are vulnerable to authentication bypass when the authentication type is set to "webserver": when an Authorization header with an arbitrary value is supplied, a session is associated with the target user regardless of whether the credentials are valid. This issue is fixed in versions 16.0.44 and 17.0.23.
- Source
- security-advisories@github.com
- NVD status
- Analyzed
- Products
- freepbx
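The description above states the mechanism but not what the defect looks like in code. The following is an added example and is not FreePBX or Endpoint Manager code: the handler names, the two auth-mode strings ("webserver" and "database"), the user store and the session shape are this example's own constructs. It models the CWE-287 pattern described: in "webserver" mode the login path lifts the username out of a client-supplied Authorization header and issues a session without checking anything, next to a hardened form that, in the same mode, trusts only an identity the web server itself established.

```python
"""Illustrative model of the CWE-287 bug class behind CVE-2025-66039.

Added example, not FreePBX code. Everything named here (login_vulnerable,
login_hardened, the auth-mode strings, the user store) is an assumption
made for illustration.
"""
from __future__ import annotations

import base64
import hashlib
import hmac
import secrets

# Constructed user store: username -> (salt, PBKDF2 digest). Not real data.
_USERS: dict[str, tuple[bytes, bytes]] = {}
_DUMMY_SALT = b"\x00" * 16


def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def add_user(name: str, password: str) -> None:
    salt = secrets.token_bytes(16)
    _USERS[name] = (salt, _hash(password, salt))


def parse_basic(header: str | None) -> tuple[str, str] | None:
    """Decode 'Basic base64(user:pass)'; None if absent or malformed."""
    if not header or not header.lower().startswith("basic "):
        return None
    try:
        raw = base64.b64decode(header[6:].strip(), validate=True).decode()
    except (ValueError, UnicodeDecodeError):
        return None
    user, sep, password = raw.partition(":")
    return (user, password) if sep and user else None


def verify_password(user: str, password: str) -> bool:
    rec = _USERS.get(user)
    if rec is None:
        _hash(password, _DUMMY_SALT)  # equalise timing for unknown users
        return False
    salt, digest = rec
    return hmac.compare_digest(_hash(password, salt), digest)


def login_vulnerable(environ: dict, authtype: str) -> dict | None:
    """Bug class: in 'webserver' mode the username is taken from the
    client-controlled Authorization header; if that user exists a session
    is issued and the password is never checked."""
    if authtype != "webserver":
        return None  # other modes are out of scope for this model
    creds = parse_basic(environ.get("HTTP_AUTHORIZATION"))
    if creds is None:
        return None
    user, _unchecked_password = creds
    if user not in _USERS:
        return None
    return {"user": user, "sid": secrets.token_hex(16)}


def login_hardened(environ: dict, authtype: str) -> dict | None:
    """Fix: in 'webserver' mode only REMOTE_USER counts. In a CGI/WSGI
    environ, client headers arrive as HTTP_*; REMOTE_USER is populated by
    the server after its own authentication, so a client cannot forge it.
    In this example's 'database' mode the password is verified locally."""
    if authtype == "webserver":
        user = environ.get("REMOTE_USER")
        if not user or user not in _USERS:
            return None
    elif authtype == "database":
        creds = parse_basic(environ.get("HTTP_AUTHORIZATION"))
        if creds is None or not verify_password(*creds):
            return None
        user = creds[0]
    else:
        return None
    return {"user": user, "sid": secrets.token_hex(16)}


def forged_basic(user: str, password: str = "anything") -> str:
    """Build the Authorization header an attacker would send."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return "Basic " + token


add_user("admin", "correct-horse-battery-staple")  # constructed credential

if __name__ == "__main__":
    attacker_env = {"HTTP_AUTHORIZATION": forged_basic("admin", "wrong")}
    print("vulnerable:", login_vulnerable(attacker_env, "webserver"))
    print("hardened:  ", login_hardened(attacker_env, "webserver"))
```

The point of the split is where the identity comes from: `HTTP_AUTHORIZATION` is whatever the client typed, while `REMOTE_USER` only exists if the front-end web server actually performed authentication. A "webserver" auth mode that reads the former instead of the latter is exactly the class of bug the advisory describes, which is also why the coverage below recommends not running with that auth type until patched.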
CVSS 4.0
- Type
- Secondary
- Base score
- 9.3
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- CRITICAL
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
- Weakness enumeration (security-advisories@github.com)
- CWE-287: Improper Authentication
- Hype score
- Not currently trending
🛠️ Metasploit Update Adds 7 New Modules for FreePBX Chains, Cacti and SmarterMail Metasploit Framework has published its January 30, 2026 weekly wrap up, adding seven new modules alongside a set of fixes. Three of the new modules target FreePBX by chaining CVE-2025-66039 w
@hackeraffairs
1 Feb 2026
120 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🚨 New Metasploit Modules Weaponize Critical FreePBX, Cacti, and SmarterMail Flaws (Unauth RCE + Persistence) Metasploit 6.4.111 added seven modules chaining FreePBX auth bypass (CVE-2025-66039) with SQLi (CVE-2025-61675) or unrestricted upload (CVE-2025-61678) for unauth RCE,
@ThreatSynop
31 Jan 2026
64 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Metasploit Adds 7 Fresh Exploit Modules Targeting FreePBX, Cacti, and SmarterMail (Unauth RCE Chains) This Metasploit update ships new modules chaining FreePBX auth-bypass (CVE-2025-66039) with SQLi (CVE-2025-61675) or unrestricted upload (CVE-2025-61678) to reach unauth RC
@ThreatSynop
31 Jan 2026
57 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️⚠️ Multiple new vulnerabilities discovered in #FreePBX by @Horizon3ai. Combining Auth Bypass (CVE-2025-66039) with SQL Injection (CVE-2025-61675) can lead to unauthenticated Remote Code Execution. 🔥Deep Dive: https://t.co/bbgNURHfma 🔗FOFA Link: https://t.co/XhTGOj
@fofabot
17 Dec 2025
1213 Impressions
5 Retweets
16 Likes
2 Bookmarks
1 Reply
0 Quotes
FreePBX Flaw Allows Unauthenticated Login Bypass & Full VoIP System Takeover CVE-2025-57819 , CVE-2025-66039 Read the full report on - https://t.co/PVI3VkYGKU https://t.co/y5AN3oTnWF
@cyberbivash
16 Dec 2025
4 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
FreePBX Flaws Enable Remote Code Execution—Patch Now Critical FreePBX flaws (CVE-2025-66039) include SQLi and auth bypass, risking remote code execution. Users must update to patched versions and avoid "webserver" auth type to prevent exploitation and ensure security. Immediat
@Secwiserapp
16 Dec 2025
50 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 New Security Research Disclosure 🚨 I’ve published a repository documenting multiple critical vulnerabilities in FreePBX (2025), including: 🔹 CVE-2025-66039 🔹 CVE-2025-61678 🔹 CVE-2025-61675 🔗 GitHub: https://t.co/Uknsy9ESK8 #InfoSec #cyberleelawat #CVE #Free
@cyberleelawat
16 Dec 2025
5 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🚨Alert🚨 CVE-2025-61675 & CVE-2025-61678 & CVE-2025-66039: Critical SQLi, File-Upload, and AUTHTYPE Bypass Flaws in FreePBX could Lead to RCE. -------------------- CVE-2025-61675: An authenticated SQL injection vulnerability CVE-2025-61678: An authenticated arbitrary fil
@HunterMapping
16 Dec 2025
5942 Impressions
17 Retweets
89 Likes
29 Bookmarks
0 Replies
1 Quote
🚨🚨 Three Critical Vulnerabilities In FreePBX CVE-2025-61675: Authenticated SQL Injection - Affects endpoint module CVE-2025-61678: Authenticated Arbitrary File Upload - Affects endpoint module CVE-2025-66039: Authentication Bypass - Affects framework module ZoomEye Dork
@zoomeye_team
16 Dec 2025
2283 Impressions
11 Retweets
31 Likes
10 Bookmarks
1 Reply
0 Quotes
🚨 3 critical/high FreePBX vulnerabilities disclosed CVE-2025-66039: Authentication bypass CVE-2025-61675: SQL injection CVE-2025-61678: File upload leading to RCE I've created detection scripts for these vulns: https://t.co/2dmklJha55 @Horizon3ai - https://t.co/nQOPyb6K4F
@rxerium
15 Dec 2025
20013 Impressions
71 Retweets
459 Likes
288 Bookmarks
7 Replies
0 Quotes
The FreePBX Rabbit Hole: CVE-2025-66039 And Others https://t.co/stAfpHfZVf #news
@packet_storm
15 Dec 2025
35 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
While analyzing CVE-2025-57819 – the RCE vuln that went KEV from late August, @Horizon3Attack uncovered three new #FreePBX vulnerabilities: CVE-2025-66039, 61675, and 61678. Under the webserver authentication type, they chain into full RCE. 🧵 https://t.co/85AmKySE52
@Horizon3ai
15 Dec 2025
298 Impressions
2 Retweets
6 Likes
0 Bookmarks
2 Replies
0 Quotes
The FreePBX Rabbit Hole: CVE-2025-66039 & More https://t.co/Dp2cacB6GG https://t.co/LqddkaI6gq
@secharvesterx
12 Dec 2025
31 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Check out our new deep dive on CVE-2025-66039 and other related CVEs. We found an authentication bypass, multiple SQL injections, and file upload to RCE in FreePBX. https://t.co/TuYCn7bHR3
@Horizon3Attack
12 Dec 2025
11246 Impressions
35 Retweets
136 Likes
64 Bookmarks
2 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sangoma:freepbx:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "703A0A9A-676E-473F-A3B3-69E6316ACABF",
"versionEndExcluding": "16.0.44"
},
{
"criteria": "cpe:2.3:a:sangoma:freepbx:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D7313952-094B-4519-946E-3726B0E4C7AD",
"versionEndExcluding": "17.0.23",
"versionStartIncluding": "17.0.1"
}
],
"operator": "OR"
}
]
}
]
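The NVD configuration above encodes two version ranges for the `sangoma:freepbx` product. The following added example (not NVD or FreePBX tooling; `is_vulnerable()` and `parse_version()` are this example's own helpers, and `NVD_CONFIG` is a verbatim copy of the JSON on this page) evaluates a version string against those ranges the way NVD's operator/negate/cpeMatch semantics intend. Two caveats a practitioner should keep in mind when using it: the CPE matches the freepbx product, whereas the advisory's fixed versions are Endpoint Manager module versions (and some of the research coverage above attributes the bypass to the framework module), so the version to compare is the installed module's, not the distro's; and the first range has no lower bound while the second starts at 17.0.1, which are properties of the NVD data rather than statements about 15.x or 17.0.0 builds.

```python
"""Evaluate a version against the NVD CPE configuration for CVE-2025-66039.

Added example, not NVD or FreePBX code. NVD_CONFIG is copied from the
page; the helper names and the 4-component version padding are this
example's own choices.
"""
import json
import re

NVD_CONFIG = json.loads(r"""
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:sangoma:freepbx:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "703A0A9A-676E-473F-A3B3-69E6316ACABF",
            "versionEndExcluding": "16.0.44"
          },
          {
            "criteria": "cpe:2.3:a:sangoma:freepbx:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D7313952-094B-4519-946E-3726B0E4C7AD",
            "versionEndExcluding": "17.0.23",
            "versionStartIncluding": "17.0.1"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]
""")

PRODUCT_PREFIX = "cpe:2.3:a:sangoma:freepbx:"


def parse_version(v: str) -> tuple:
    """'16.0.44' -> (16, 0, 44, 0). Non-numeric suffixes are ignored."""
    parts = []
    for p in v.split("."):
        m = re.match(r"\d+", p)
        parts.append(int(m.group()) if m else 0)
    parts += [0] * (4 - len(parts))
    return tuple(parts[:4])


# NVD range keys and the comparison each one imposes on the candidate.
_BOUNDS = {
    "versionStartIncluding": lambda v, b: v >= b,
    "versionStartExcluding": lambda v, b: v > b,
    "versionEndIncluding": lambda v, b: v <= b,
    "versionEndExcluding": lambda v, b: v < b,
}


def cpe_match_applies(m: dict, version: str, prefix: str) -> bool:
    """True if this cpeMatch entry marks `version` of `prefix` vulnerable."""
    if not m.get("vulnerable") or not m["criteria"].startswith(prefix):
        return False
    v = parse_version(version)
    return all(
        check(v, parse_version(m[key])) for key, check in _BOUNDS.items() if key in m
    )


def node_applies(node: dict, version: str, prefix: str) -> bool:
    hits = [cpe_match_applies(m, version, prefix) for m in node.get("cpeMatch", [])]
    result = any(hits) if node.get("operator", "OR") == "OR" else all(hits)
    return (not result) if node.get("negate") else result


def is_vulnerable(config: list, version: str, prefix: str = PRODUCT_PREFIX) -> bool:
    """Top level: a configuration is a list of node groups; any group that
    evaluates true means the version is in a vulnerable range."""
    for cfg in config:
        hits = [node_applies(n, version, prefix) for n in cfg.get("nodes", [])]
        if cfg.get("operator", "OR") == "OR":
            matched = any(hits)
        else:
            matched = all(hits)
        if matched:
            return True
    return False


if __name__ == "__main__":
    for ver in ("16.0.43", "16.0.44", "17.0.22", "17.0.23", "17.0.0"):
        print(ver, "vulnerable" if is_vulnerable(NVD_CONFIG, ver) else "not matched")
```

Feed it the Endpoint Manager module version as reported by the system (for example from the module admin listing, `fwconsole ma list`) rather than the FreePBX distro version; a 16.x module at or above 16.0.44, or a 17.x module at or above 17.0.23, falls outside both ranges.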