CNNVD-202510-1745 Information

CNNVD ID

CNNVD-202510-1745

CVE-2025-59051

  • CNNVD Published: 2025-10-14

Description (Chinese)

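FreePBX Endpoint Manager is an open-source FreePBX module for centrally managing the configuration of IP phone endpoints. FreePBX Endpoint Manager versions before 16.0.92 and before 17.0.6 contain an operating system command injection vulnerability. The vulnerability is caused by insufficient sanitization of user input and may allow an authenticated attacker to execute OS commands as the asterisk user.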

Description (English)

FreePBX Endpoint Manager is a FreePBX open-source module for centralized management of IP phone endpoint configuration. FreePBX Endpoint Manager versions prior to 16.0.92 and prior to 17.0.6 have an operating system command injection vulnerability, which stems from insufficient sanitization of user input and could allow an authenticated attacker to execute OS commands as the asterisk user.

Hazard Level

High

Vulnerability Type

Operating system command injection

Affected Vendor

FreePBX

Published

2025-10-14

Last Modified

2026-02-24

References

https://github.com/FreePBX/security-reporting/security/advisories/GHSA-qgj3-f9gj-98v9

https://access.redhat.com/security/cve/cve-2025-59051

Patch

https://www.freepbx.org/downloads/
