Warning: Critical RCE vulnerability in FreePBX, Patch Immediately!

Published: 29/08/2025
  • Last update: 29/08/2025
  • Affected software:
    → FreePBX < 15.0.66, < 16.0.89, < 17.0.3
  • Type:
    → CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
    → CWE-288: Authentication Bypass Using an Alternate Path or Channel
  • CVE/CVSS
    → CVE-2025-57819: CVSS 10 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H)

Sources

https://github.com/FreePBX/security-reporting/security/advisories/GHSA-m42g-xg4c-5f3h

Risks

FreePBX is a web-based open-source graphical user interface (GUI) that controls and manages Asterisk, a voice-over-IP (VoIP) server. Exploiting this vulnerability could allow unauthenticated attackers to gain administrator access, manipulate the backend database, and execute arbitrary code remotely. This compromises confidentiality through unauthorized access, integrity via database tampering, and availability by enabling full system takeover and potential service disruption.

This vulnerability is exploited in the wild; patching without delay is strongly recommended!

Description

CVE-2025-57819 is a critical input validation vulnerability in the commercial "endpoint" module of FreePBX versions 15, 16 and 17. It allows unauthenticated attackers to inject unsanitized user-supplied data, bypassing access controls and gaining administrator-level access to the FreePBX interface. Once inside, attackers can manipulate the backend database and chain further exploits to achieve remote code execution, potentially with root privileges. The vulnerability has been actively exploited in the wild since at least August 21st, 2025, targeting publicly exposed FreePBX systems lacking proper IP filtering or ACLs.

Recommended Actions

Patch
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority after thorough testing.
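As an added example (not part of this advisory or of the FreePBX project), the following script triages an inventory of FreePBX hosts against the fixed versions listed under "Affected software" (15.0.66, 16.0.89 and 17.0.3). The host names, version strings and the `SAMPLE_INVENTORY` mapping are constructed sample data; in practice the versions would come from an asset database or from the output of each host's FreePBX version command.

```python
# Added example, not the CCB's or FreePBX's own code: triage FreePBX hosts
# against the first fixed release of each branch named in the advisory.
import re

# First fixed release per supported branch (from "Affected software").
FIXED = {15: (15, 0, 66), 16: (16, 0, 89), 17: (17, 0, 3)}


def parse_version(text):
    """Return (major, minor, patch) from strings such as '16.0.40.7'.

    Extra trailing components are ignored; a string without three leading
    integers raises ValueError so it is reported rather than silently passed.
    """
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"unrecognised FreePBX version: {text!r}")
    return tuple(int(x) for x in m.groups())


def is_vulnerable(version):
    """True if the version is below the fix for its branch (15, 16 or 17).

    Returns None for branches the advisory does not cover, so they are
    flagged for manual review instead of being reported as patched.
    """
    parsed = parse_version(version)
    if parsed[0] not in FIXED:
        return None
    return parsed < FIXED[parsed[0]]


def triage(inventory):
    """Map each host to 'vulnerable', 'patched' or 'unknown'."""
    labels = {True: "vulnerable", False: "patched", None: "unknown"}
    result = {}
    for host, version in inventory.items():
        try:
            result[host] = labels[is_vulnerable(version)]
        except ValueError:
            result[host] = "unknown"  # unparseable version string
    return result


# Constructed sample inventory (hypothetical hosts and versions).
SAMPLE_INVENTORY = {
    "pbx-hq": "16.0.40.7",
    "pbx-branch": "17.0.3",
    "pbx-legacy": "15.0.66",
    "pbx-lab": "14.0.13",
    "pbx-unknown": "n/a",
}

if __name__ == "__main__":
    for host, state in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{host:12} {state}")
```

Hosts reported as "unknown" (an unsupported branch or an unreadable version string) need manual confirmation rather than being treated as patched.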

Monitor/Detect
The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity and ensure a swift response in case of an intrusion.

In case of an intrusion, you can report an incident via https://ccb.belgium.be/en/cert/report-incident.

While patching appliances or software to the newest version may protect against future exploitation, it does not remediate historic compromise.

References

https://nvd.nist.gov/vuln/detail/CVE-2025-57819
https://community.freepbx.org/t/security-advisory-please-lock-down-your-administrator-access/107203