CNNVD-202510-1744 Information

CNNVD ID

CNNVD-202510-1744

Related CVE

CVE-2025-61678

• CNNVD Published: 2025-10-14

Description (Chinese)

FreePBX Endpoint Manager是FreePBX开源的一款集中管理IP电话终端配置模块。 FreePBX Endpoint Manager 16.0.92之前版本和17.0.6之前版本存在代码问题漏洞，该漏洞源于fwbrand参数存在经过身份验证的任意文件上传，可能导致远程代码执行。

Description (English)

FreePBX Endpoint Manager is a centralized IP telephone terminal configuration module for FreePBX open source. FreePBX Endpoint Manager 16.0.92 and 17.0.6 had a code problem gap, which stemmed from the fact that the fwbrand parameter had been uploaded into any document with authentication, which could lead to remote code execution.

Hazard Level

High

Vulnerability Type

代码问题

Affected Vendor

FreePBX

Published

2025-10-14

Last Modified

2026-02-24

References

https://github.com/FreePBX/security-reporting/security/advisories/GHSA-7p8x-8m3m-58j9 https://access.redhat.com/security/cve/cve-2025-61678

Patch

https://www.freepbx.org/downloads/