FreePBX | Breaking Cybersecurity News | The Hacker News

The Shadowserver Foundation has revealed that over 900 Sangoma FreePBX instances still remain infected with web shells as part of attacks that exploited a command injection vulnerability starting in December 2025. Of these, 401 instances are located in the U.S., followed by 51 in Brazil, 43 in Canada, 40 in Germany, and 36 in France. The non-profit entity said the compromises are likely accomplished via the exploitation of CVE-2025-64328 (CVSS score: 8.6), a high-severity security flaw that could enable post-authentication command injection. "The impact is that any user with access to the FreePBX Administration panel could leverage this vulnerability to execute arbitrary shell commands on the underlying host," FreePBX said in an advisory for the flaw in November 2025. "An attacker could leverage this to obtain remote access to the system as the asterisk user." Security researcher M. Cory Billington, who is credited with discovering and reporting the vulnera...

The Sangoma FreePBX Security Team has issued an advisory warning about an actively exploited FreePBX zero-day vulnerability that impacts systems with an administrator control panel (ACP) exposed to the public internet. FreePBX is an open-source private branch exchange (PBX) platform widely used by businesses, call centers, and service providers to manage voice communications. It's built on top of Asterisk , an open-source communication server. The vulnerability, assigned the CVE identifier CVE-2025-57819 , carries a CVSS score of 10.0, indicating maximum severity. "Insufficiently sanitized user-supplied data allows unauthenticated access to FreePBX Administrator, leading to arbitrary database manipulation and remote code execution," the project maintainers said in an advisory. The issue impacts the following versions - FreePBX 15 prior to 15.0.66 FreePBX 16 prior to 16.0.89, and FreePBX 17 prior to 17.0.3 Sangoma said an unauthorized user began accessing mult...