CVE-2025-64328 | THREATINT

Description

FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. In versions 17.0.2.36 and above before 17.0.3, the filestore module within the Administrative interface is vulnerable to a post-authentication command injection by an authenticated known user via the testconnection -> check_ssh_connect() function. An attacker can leverage this vulnerability to obtain remote access to the system as an asterisk user. This issue is fixed in version 17.0.3.

PUBLISHED Reserved 2025-10-30 | Published 2025-11-07 | Updated 2026-02-03 | Assigner GitHub_M

HIGH: 8.6CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

CISA Known Exploited Vulnerability

Date added 2026-02-03 | Due date 2026-02-24

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Problem types

CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Product status

>= 17.0.2.36, < 17.0.3

affected

References

www.fortinet.com/...iling-the-weaponized-web-shell-encystphp third-party-advisory

www.cisa.gov/...erabilities-catalog?field_cve=CVE-2025-64328 government-resource

github.com/...orting/security/advisories/GHSA-vm9p-46mv-5xvw

github.com/...23310ef19a59013/drivers/SSH/testconnection.php

www.freepbx.org/watch-what-we-do-with-security-fixes-👀

cve.org (CVE-2025-64328)

nvd.nist.gov (CVE-2025-64328)

Download JSON