CNNVD-202508-3316 Information

CNNVD ID

CNNVD-202508-3316

Related CVE

CVE-2025-57819

• CNNVD Published: 2025-08-28

Description (Chinese)

FreePBX（前称Asterisk Management Portal）是FreePBX项目的一套通过GUI（基于网页的图形化接口）配置Asterisk（IP电话系统）的工具。 FreePBX 15.0.66版本和17.0.3之前版本存在安全漏洞，该漏洞源于用户数据清理不足，可能导致未经验证访问管理员界面及远程代码执行。

Description (English)

FreePBX (formerly Asterisk Management Portal) is a set of tools for the FreePBX project to configure Asteristk (IP telephone system) through GUI (page-based graphical interface). FreePBX 15.0.66 and previous versions of 17.0.3 have a security loophole, which stems from inadequate user data clean-up and may lead to non-validation of access to the administrator interface and remote code implementation.

Hazard Level

Low

Vulnerability Type

其他

Affected Vendor

FreePBX

Published

2025-08-28

Last Modified

2026-02-24

References

https://github.com/FreePBX/security-reporting/security/advisories/GHSA-m42g-xg4c-5f3h https://community.freepbx.org/t/security-advisory-please-lock-down-your-administrator-access/107203 https://nvd.nist.gov/vuln/detail/CVE-2025-57819

Patch

https://www.freepbx.org/