Vulnerabilities
Vulnerable Software
Sangoma:  >> Freepbx  >> 16.0.68.39  Security Vulnerabilities
FreePBX is an open source IP PBX. Prior to 17.0.8, the FreePBX api module's OAuth2 implementation does not sufficiently validate client credentials during token issuance. Knowledge of a valid client_id is required. The validateClient() method in ClientRepository.php unconditionally returns true, allowing any party with knowledge of a valid client_id to obtain OAuth2 access tokens without providing the correct client_secret. This vulnerability is fixed in 17.0.8.
CVSS Score
7.6
EPSS Score
0.002
Published
2026-05-29
CVE-2025-57819
Known exploited
FreePBX is an open-source web-based graphical user interface. FreePBX 15, 16, and 17 endpoints are vulnerable due to insufficiently sanitized user-supplied data allowing unauthenticated access to FreePBX Administrator leading to arbitrary database manipulation and remote code execution. This issue has been patched in endpoint versions 15.0.66, 16.0.89, and 17.0.3.
CVSS Score
10.0
EPSS Score
0.933
Published
2025-08-28


Contact Us

Shodan ® - All rights reserved