ID:11978 - Exploit for SQL injection in FreePBX - CVE-2025-57819

 

Published: September 23, 2025


Vulnerability identifier: #VU114554
Vulnerability risk: Critical
CVE-ID: CVE-2025-57819
CWE-ID: CWE-89
Exploitation vector: Remote access
Vulnerable software:
FreePBX

Link to public exploit:


Vulnerability description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to insufficient sanitization of user-supplied data within the endpoint module. A remote attacker can send a specially crafted request to the affected application and execute arbitrary SQL commands, leading to system compromise.

Note: the vulnerability has been actively exploited in the wild since August 21, 2025.


Remediation

Install updates from the vendor's website.