CVE-2025-55211
Published: 15 September 2025
Summary
CVE-2025-55211 is a medium-severity OS Command Injection (CWE-78) vulnerability in Sangoma FreePBX. Its CVSS base score is 6.3 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). It is ranked at the 26.3rd percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-29256
Vulnerability details
FreePBX is an open-source web-based graphical user interface. In versions from 17.0.19.11 up to, but not including, 17.0.21, authenticated users of the Administrator Control Panel (ACP) can run arbitrary shell commands by maliciously changing the languages of the framework module. This vulnerability is fixed in 17.0.21.
- CWE(s): CWE-78 (OS Command Injection)
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Authenticated command injection in the FreePBX web-based GUI (a public-facing application) allows low-privileged ACP users to execute arbitrary Unix shell commands, which maps to T1190 (Exploit Public-Facing Application), T1068 (Exploitation for Privilege Escalation), and T1059.004 (Command and Scripting Interpreter: Unix Shell).
Affected Assets
Mitigating Controls
Likely Mitigating Controls
Per-CVE control mapping has not yet been run for this CVE; the list below is derived from the weakness type (CWE-78) cited in the NVD entry.