CERTVU would like to advise on the following;

CVE-2025-57819 is a critical vulnerability in the commercial “endpoint” module of FreePBX versions 15, 16, and 17, caused by insufficient sanitization of user-supplied input. This flaw enables unauthenticated attackers to bypass admin access controls, perform SQL injection, and ultimately achieve remote code execution

• FreePBX 15 versions prior to 15.0.66.
• FreePBX 16 versions prior to 16.0.89.
• FreePBX 17 versions prior to 17.0.3.

How Attackers can exploit this vulnerability;

• Initial Access: Attackers exploit unsanitized input vulnerabilities in the endpoint module to bypass authentication and gain access to the FreePBX Administrator interface.
• SQL Injection: Once inside, they can execute arbitrary SQL queries to manipulate the database.
• Remote Code Execution: The SQL injection is chained to achieve Remote Code Execution (RCE) – potentially with root-level privileges - giving attackers full system control.

CERT Vanuatu advises IT Personel/System Administrators and technical people to apply immediate remediation by;

• Upgrade FreePBX immediately to one of the following patched versions:
  • FreePBX 15 – 15.0.66
  -
  • FreePBX 16 – 16.0.89
  -
  • FreePBX 17 – 17.0.3
  -
• Apply Network Security Control by restricting administrative access to trusted ranges using firewall rules or the FreePBX Firewall module. Deny external access until systems are patched.
• Constant monitoring on web server logs for suspicious traffics and activities in your network.