CNNVD-202509-941 Information
Sep 05, 2025
cve
CNNVD ID
CNNVD-202509-941
Related CVE
- CNNVD Published: 2025-09-05
Description (Chinese)
FreePBX api是FreePBX开源的一个插件。 FreePBX api 15.0.13之前版本、16.0.2至16.0.14版本和17.0.1至17.0.2版本存在信任管理问题漏洞,该漏洞源于多个系统使用相同的OAuth私钥,可能导致绕过认证。
Description (English)
FreePBX api is an open source plugin for FreePBX. Prior to FreePBX api 15.0.13, Versions 16.0.2 to 16.0.14 and 17.0.1 to 17.0.2, there is a confidence management management gap, which stems from multiple systems using the same OAuth private key and may result in circumvention of authentication.
Hazard Level
High
Vulnerability Type
信任管理问题
Affected Vendor
FreePBX
Published
2025-09-05
Last Modified
2026-02-24
References
https://github.com/FreePBX/api/commit/305295aad38322c74cffd75bf550707dfb1a64a2 https://github.com/FreePBX/security-reporting/security/advisories/GHSA-3r47-p39v-vqqf
Patch
https://github.com/FreePBX/security-reporting
Share on: