
CVE-2025-57819

Critical · CISA KEV · Active Exploitation · EUVD Exploited · Public PoC

Published: 28 August 2025
Modified: 24 October 2025
KEV Added: 29 August 2025
CVSS Score (v4): 10.0 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS Score: 0.7695 (99.0th percentile)
Risk Priority: 86 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-57819 is a critical-severity SQL Injection (CWE-89) vulnerability in Sangoma FreePBX. Its CVSS base score is 10.0 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 1.0% of CVEs by exploit likelihood (EPSS), CISA has added it to the Known Exploited Vulnerabilities catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-10 (Information Input Validation).

Deeper analysis

FreePBX is an open-source, web-based graphical user interface for managing Asterisk-based telephony systems. The endpoint module in FreePBX 15, 16, and 17 insufficiently sanitizes user-supplied data, which permits unauthenticated access to the FreePBX Administrator interface. The flaw maps to CWE-89 (SQL Injection) and CWE-288 (Authentication Bypass Using an Alternate Path or Channel) and carries a CVSS 4.0 score of 10.0; successful exploitation enables arbitrary database manipulation and remote code execution. Patches are available in endpoint releases 15.0.66, 16.0.89, and 17.0.3.

An unauthenticated attacker with network access can exploit the issue without any privileges or user interaction, reaching the administrative interface directly to alter database contents and execute arbitrary code on the underlying system. The attack vector is rated network-reachable with low complexity, and successful exploitation results in total compromise of confidentiality, integrity, and availability for both the application and its host.

Official advisories from the FreePBX project and the associated GitHub security advisory recommend immediate upgrade to the patched endpoint versions and advise restricting administrator access until updates can be applied. The vulnerability appears in CISA’s Known Exploited Vulnerabilities catalog, confirming observed in-the-wild exploitation. The associated EPSS score has reached a peak of 0.8128 with a current value of 0.7695.
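As an added illustration, not code from the original page or from the FreePBX project, the following branch-aware check compares an installed endpoint module version against the fixed releases named above (15.0.66, 16.0.89, 17.0.3). It assumes the version string is collected separately (for example from the FreePBX module administration screen); the host inventory is constructed for the demonstration.

```python
"""Branch-aware check of FreePBX endpoint module versions against the
CVE-2025-57819 fixed releases.

Assumption: the installed module version string has already been collected
from each system by other means; this code only performs the comparison.
"""
import re
from typing import Dict, List, Optional, Tuple

# Fixed endpoint module release per major branch, as listed in the advisory.
FIXED_VERSIONS = {15: "15.0.66", 16: "16.0.89", 17: "17.0.3"}


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn '16.0.88' into (16, 0, 88); reject anything that is not dotted digits."""
    text = version.strip()
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        raise ValueError(f"unrecognised version string: {version!r}")
    return tuple(int(part) for part in text.split("."))


def is_vulnerable(version: str) -> Optional[bool]:
    """True if the module is below the fixed release of its own major branch,
    False if at or above it, None if the branch is not one the advisory covers.

    Tuple comparison handles short ('17.0') and long ('17.0.3.1') strings:
    a missing component compares as lower, an extra one as higher.
    """
    parsed = parse_version(version)
    fixed = FIXED_VERSIONS.get(parsed[0])
    if fixed is None:
        return None
    return parsed < parse_version(fixed)


def triage(inventory: Dict[str, str]) -> Dict[str, List[str]]:
    """Group hosts by status so the ones still needing the upgrade stand out."""
    groups: Dict[str, List[str]] = {"vulnerable": [], "patched": [], "unknown": []}
    for host, version in sorted(inventory.items()):
        state = is_vulnerable(version)
        key = "unknown" if state is None else ("vulnerable" if state else "patched")
        groups[key].append(host)
    return groups


if __name__ == "__main__":
    # Constructed sample inventory: hostname -> installed endpoint module version.
    sample = {"pbx-a": "16.0.88", "pbx-b": "17.0.3", "pbx-c": "15.0.60", "pbx-d": "14.0.20"}
    for status, hosts in triage(sample).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```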

Vulnerability details

FreePBX is an open-source web-based graphical user interface. FreePBX 15, 16, and 17 endpoints are vulnerable due to insufficiently sanitized user-supplied data allowing unauthenticated access to FreePBX Administrator, leading to arbitrary database manipulation and remote code execution. This issue has been patched in endpoint versions 15.0.66, 16.0.89, and 17.0.3.


Related Threats

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1053.003 Cron (Execution): Adversaries may abuse the cron utility to perform task scheduling for initial or recurring execution of malicious code.
T1136.001 Local Account (Persistence): Adversaries may create a local account to maintain access to victim systems.
T1505.003 Web Shell (Persistence): Adversaries may backdoor web servers with web shells to establish persistent access to systems.
Why these techniques?

Unauthenticated access via SQL injection enables arbitrary DB manipulation and RCE (T1190), demonstrated by deploying web shells (T1505.003), adding cron jobs (T1053.003), and creating local accounts (T1136.001).

CVEs Like This One

CVE-2026-44238 (same product: Sangoma Freepbx)
CVE-2026-28284 (same product: Sangoma Freepbx)
CVE-2026-28210 (same product: Sangoma Freepbx)
CVE-2025-66039 (same product: Sangoma Freepbx)
CVE-2026-28209 (same product: Sangoma Freepbx)
CVE-2024-58294 (same product: Sangoma Freepbx)
CVE-2025-55210 (same product: Sangoma Freepbx)
CVE-2026-28287 (same product: Sangoma Freepbx)
CVE-2025-64328 (same vendor: Sangoma; both on KEV)
CVE-2025-25181 (shared CWE-89; both on KEV)

Affected Assets

sangoma
freepbx
15.0 — 15.0.66 · 16.0 — 16.0.89 · 17.0 — 17.0.3

Mitigating Controls (NIST 800-53 r5)

Prevent: Directly mitigates the vulnerability by requiring timely patching of affected FreePBX installations to endpoint versions 15.0.66, 16.0.89, or 17.0.3, which fix the sanitization and authentication bypass flaws.

Prevent (SI-10, Information Input Validation): Addresses insufficient sanitization of user-supplied data by validating and sanitizing inputs to prevent the SQL injection that leads to database manipulation.

Prevent (AC-3, Access Enforcement): Enforces approved authorizations to block unauthenticated access to the FreePBX Administrator interface, countering the authentication bypass.

References