CNNVD-202509-1979 Information
CNNVD ID
CNNVD-202509-1979
Related CVE
- CNNVD Published: 2025-09-15
Description (Chinese)
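FreePBX (formerly Asterisk Management Portal) is a tool from the FreePBX project for configuring Asterisk (an IP telephony system) through a GUI (web-based graphical interface). FreePBX versions 15, 16 and 17 contain a path traversal vulnerability. The vulnerability stems from the fact that a malicious connection can trigger the uninstall function of the administrator control panel, which may lead to the deletion of module database tables.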
Description (English)
FreePBX (formerly Asterisk Management Portal) is a tool from the FreePBX project for configuring Asterisk (an IP telephony system) through a GUI (web-based graphical interface). FreePBX 15, 16 and 17 have a path traversal vulnerability that stems from malicious connections being able to trigger the uninstall function of the administrator control panel, which may lead to the deletion of module database tables.
Hazard Level
High
Vulnerability Type
Path Traversal
Affected Vendor
FreePBX
Published
2025-09-15
Last Modified
2026-02-24
References
https://github.com/FreePBX/framework/blame/release/17.0/amp_conf/htdocs/admin/ajax.php#L18
https://github.com/FreePBX/security-reporting/security/advisories/GHSA-frc2-jhgg-rwpr
https://access.redhat.com/security/cve/cve-2025-59056
Patch
https://www.freepbx.org/downloads/