CNNVD-202512-3128 Information

Dec 16, 2025 cve

CNNVD ID

CNNVD-202512-3128

CVE-2025-67722

CNNVD Published: 2025-12-16

Description (Chinese)

FreePBX（前称Asterisk Management Portal）是FreePBX项目的一套通过GUI（基于网页的图形化接口）配置Asterisk（IP电话系统）的工具。 FreePBX 16.0.45之前版本和17.0.24之前版本存在代码问题漏洞，该漏洞源于amportal脚本存在权限提升问题，可能导致执行任意代码。

Description (English)

FreePBX (formerly Asterisk Management Portal) is a set of tools for the FreePBX project to configure Asteristk (IP telephone system) through GUI (page-based graphical interface). There is a code gap in the pre-FreePBX 16.0.45 and pre-manufactured version of 17.0.24, which stems from the problem of the enhancement of privileges in the amportal script, which may lead to the enforcement of any code.

Hazard Level

High

Vulnerability Type

代码问题

Affected Vendor

Friendica

Published

2025-12-16

Last Modified

2026-02-24

References

https://github.com/FreePBX/security-reporting/security/advisories/GHSA-p42w-v77m-hfp8 https://www.freepbx.org/watch-what-we-do-with-security-fixes-%f0%9f%91%80 https://access.redhat.com/security/cve/cve-2025-67722

Share on: