CNNVD-202509-2027 Information
CNNVD ID
CNNVD-202509-2027
Related CVE
- CNNVD Published: 2025-09-15
Description (Chinese)
FreePBX(前称Asterisk Management Portal)是FreePBX项目的一套通过GUI(基于网页的图形化接口)配置Asterisk(IP电话系统)的工具。 FreePBX 17.0.19.11版本至17.0.21之前版本存在操作系统命令注入漏洞,该漏洞源于框架模块语言设置不当,可能导致执行任意shell命令。
Description (English)
FreePBX (formerly Asterisk Management Portal) is a set of tools for the FreePBX project to configure Asteristk (IP telephone system) through GUI (page-based graphical interface). FreePBX 17.0.19.11 to 17.0.21 contains a loophole in the operating system commands, which stems from the inappropriate language set-up of the frame module, which may lead to the execution of any shell command.
Hazard Level
High
Vulnerability Type
操作系统命令注入
Affected Vendor
FreePBX
Published
2025-09-15
Last Modified
2026-02-24
References
https://github.com/FreePBX/security-reporting/security/advisories/GHSA-xg83-m6q5-q24h https://access.redhat.com/security/cve/cve-2025-55211
Patch
https://www.freepbx.org/downloads/
Share on: