← Back to CVEs

CVE-2025-64328

HIGHCISA KEV

7.2

Description

FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. In versions 17.0.2.36 and above before 17.0.3, the filestore module within the Administrative interface is vulnerable to a post-authentication command injection by an authenticated known user via the testconnection -> check_ssh_connect() function. An attacker can leverage this vulnerability to obtain remote access to the system as an asterisk user. This issue is fixed in version 17.0.3.

CVE Details

CVSS v3.1 Score7.2

SeverityHIGH

CVSS VectorCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Attack VectorNETWORK

ComplexityLOW

Privileges RequiredHIGH

User InteractionNONE

Published11/7/2025

Last Modified2/24/2026

Sourcekev

Honeypot Sightings0

CISA KEV

VendorSangoma

ProductFreePBX

Vulnerability NameSangoma FreePBX OS Command Injection Vulnerability

KEV Date Added2026-02-03

Remediation Due Date2026-02-24

Ransomware UseUnknown

Affected Products

sangoma:firestore

Weaknesses (CWE)

CWE-78

References

https://github.com/FreePBX/filestore/blob/f0e3983059271efd80b483ec823310ef19a59013/drivers/SSH/testconnection.php#L2(security-advisories@github.com)

https://github.com/FreePBX/security-reporting/security/advisories/GHSA-vm9p-46mv-5xvw(security-advisories@github.com)

https://www.freepbx.org/watch-what-we-do-with-security-fixes-%f0%9f%91%80(security-advisories@github.com)

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-64328(134c704f-9b21-4f2e-91b3-4a467353bcc0)

https://www.fortinet.com/blog/threat-research/unveiling-the-weaponized-web-shell-encystphp(134c704f-9b21-4f2e-91b3-4a467353bcc0)

IOC Correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.