Critical Vulnerability in FreePBX Servers
4 September 2025
FreePBX has released security updates addressing a critical vulnerability in the FreePBX administrator control panel, which is remotely exploitable when the panel is exposed to the Internet. Users and administrators of affected versions are strongly advised to update to the fixed versions.
Background
FreePBX has released security updates addressing a critical vulnerability (CVE-2025-57819) in the FreePBX administrator control panel. The vulnerability can be exploited without authentication whenever the control panel is reachable from the Internet. It has a Common Vulnerability Scoring System (CVSSv3.1) base score of 9.8 out of 10.
Impact
Successful exploitation of the vulnerability could allow an unauthenticated remote attacker to gain privileged (administrator-level) access to the control panel and execute arbitrary code on the underlying server.
Known Exploitation
The vulnerability is reported to have been exploited in the wild as a zero-day, before the fixed versions were released.
Affected Products
FreePBX versions 15 prior to 15.0.66
FreePBX versions 16 prior to 16.0.89
FreePBX versions 17 prior to 17.0.3
Mitigation
Users and administrators of affected product versions are strongly advised to update to the fixed versions immediately and to restrict access to Internet-exposed administrator control panels to trusted networks, for example with a firewall rule or access control list. Because exploitation began before the fix was available, patching alone does not rule out an existing compromise, so administrators are also advised to check their systems for the following indicators of compromise:
File "/etc/freepbx.conf" recently modified or missing
File "/var/www/html/.clean.sh" present; this file does not exist on a normal installation
POST requests to "modular.php" in the web server access logs; such requests are unlikely to be legitimate traffic
Calls placed to extension 9998 in the call logs and CDRs; these are unusual unless that extension was previously configured
An unexpected "ampuser" account, or any other unknown user, in the ampusers database table
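The following shell script is an added example for this alert, not tooling from FreePBX or Sangoma: it sweeps a host for the indicators listed above and reports each one separately. It assumes the default FreePBX paths (/etc/freepbx.conf, /var/www/html/.clean.sh), an Apache combined-format access log, and the default Asterisk Master.csv CDR layout in which src and dst are the second and third quoted fields. The 14-day "recently modified" window is an assumption, and the access log, CDR and ampusers lines embedded for the offline demonstration are constructed sample data, not records from a real system.

```shell
#!/bin/sh
# Added example for the FreePBX CVE-2025-57819 alert; not FreePBX/Sangoma tooling.
# Checks the five indicators of compromise from the alert. Paths, the 14-day
# window and the sample data below are assumptions made for this demonstration.

FREEPBX_CONF="${FREEPBX_CONF:-/etc/freepbx.conf}"
CLEAN_SH="${CLEAN_SH:-/var/www/html/.clean.sh}"
MTIME_DAYS="${MTIME_DAYS:-14}"   # what counts as "recently modified" (assumption)

# IoC 1: /etc/freepbx.conf missing or modified within the last $2 days.
# Prints one of: missing | recent | ok
check_freepbx_conf() {
    [ -f "$1" ] || { echo missing; return; }
    [ -z "$(find "$1" -mtime -"$2")" ] && echo ok || echo recent
}

# IoC 2: the .clean.sh artifact must not exist. Prints: present | absent
check_clean_sh() {
    [ -e "$1" ] && echo present || echo absent
}

# IoC 3: POST requests to modular.php in a combined-format access log read
# from stdin. Prints the count; anything above 0 deserves investigation.
count_modular_posts() {
    grep -Ec '"POST [^" ]*/modular\.php[^"]*"' || true
}

# IoC 4: CDR records (Asterisk Master.csv format on stdin) where the source or
# destination is extension 9998. Fields are separated by '","', so src is $2
# and dst is $3. Prints the number of matching records.
count_9998_calls() {
    awk -F'","' '{ if ($2 == "9998" || $3 == "9998") n++ } END { print n+0 }'
}

# IoC 5: usernames on stdin (one per line, e.g. the output of
#   mysql -N -e 'SELECT username FROM ampusers' asterisk
# using the credentials from freepbx.conf) that are not in the space-separated
# list of expected administrator accounts given as $1. Prints each unexpected
# name on its own line; "ampuser" is the one the alert calls out.
unknown_ampusers() {
    expected=" $1 "
    while IFS= read -r u; do
        case "$expected" in
            *" $u "*) ;;        # known administrator account
            *) echo "$u" ;;
        esac
    done
}

# --- constructed sample data (not real logs) so the checks can run offline ---
SAMPLE_ACCESS_LOG='203.0.113.5 - - [21/Aug/2025:03:14:07 +0000] "POST /admin/modular.php HTTP/1.1" 200 512 "-" "python-requests/2.31"
198.51.100.7 - - [21/Aug/2025:09:01:22 +0000] "GET /admin/config.php HTTP/1.1" 200 8421 "-" "Mozilla/5.0"
203.0.113.5 - - [21/Aug/2025:03:14:09 +0000] "POST /admin/modular.php?x=1 HTTP/1.1" 200 77 "-" "python-requests/2.31"'
SAMPLE_CDR='"","1001","1002","from-internal","1001","SIP/1001-0001","SIP/1002-0002","Dial","SIP/1002","2025-08-21 10:00:00","2025-08-21 10:00:05","2025-08-21 10:01:00","60","55","ANSWERED","3","1755770400.1",""
"","1001","9998","from-internal","1001","SIP/1001-0003","","Playback","hello","2025-08-21 10:05:00","2025-08-21 10:05:01","2025-08-21 10:05:03","3","2","ANSWERED","3","1755770700.2",""'
SAMPLE_USERS='admin
ampuser'

main() {
    echo "freepbx.conf ($FREEPBX_CONF): $(check_freepbx_conf "$FREEPBX_CONF" "$MTIME_DAYS")"
    echo ".clean.sh ($CLEAN_SH): $(check_clean_sh "$CLEAN_SH")"
    echo "POSTs to modular.php in sample log: $(printf '%s\n' "$SAMPLE_ACCESS_LOG" | count_modular_posts)"
    echo "calls involving 9998 in sample CDR: $(printf '%s\n' "$SAMPLE_CDR" | count_9998_calls)"
    echo "unexpected ampusers in sample list: $(printf '%s\n' "$SAMPLE_USERS" | unknown_ampusers 'admin')"
}

main
```

On a live system, feed the real data to the same functions: the web server access log (for example /var/log/httpd/access_log on the FreePBX distribution, an assumed path) into count_modular_posts, /var/log/asterisk/cdr-csv/Master.csv into count_9998_calls, and the ampusers query output into unknown_ampusers. Any hit should be treated as a likely compromise to be investigated, not merely a prompt to patch.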
References
https://nvd.nist.gov/vuln/detail/CVE-2025-57819
https://community.freepbx.org/t/security-advisory-please-lock-down-your-administrator-access/107203
https://thehackernews.com/2025/08/freepbx-servers-targeted-by-zero-day.html
https://github.com/FreePBX/security-reporting/security/advisories/GHSA-m42g-xg4c-5f3h