# Experts Warn of Actively Exploited FreePBX Zero-Day

A critical zero-day vulnerability has been discovered in the widely used open-source telephony software platform, FreePBX. According to experts, this actively exploited vulnerability (CVE-2025-57819) poses a significant threat to organizations that have publicly exposed admin control panels.

## What is FreePBX?

FreePBX is an open-source telephony software platform that provides a web-based graphical interface for managing Asterisk, the most widely used open-source PBX (Private Branch Exchange). With FreePBX, organizations can:

* Set up and manage business phone systems
* Integrate with various third-party applications
* Provide a user-friendly interface for administrators

## The Root Cause of the Issue

The root cause of the issue is insufficiently sanitized user-supplied data, which allows unauthenticated access to the FreePBX Administrator. This leads to arbitrary database manipulation and remote code execution.

## The Attack Vector

Project administrators revealed that an attacker exploited a flaw in FreePBX v16–17's "endpoint" module on exposed systems, chaining it with other steps to gain possible root access. Starting on or before August 21st, 2025, an unauthorized user began accessing multiple FreePBX version 16 and 17 systems that were connected directly to the public internet.

## Target Systems

Most of the potentially vulnerable systems are in the US, followed by Russia and Germany. Experts warn that these systems have inadequate IP filtering/ACLs, making them more susceptible to exploitation.

## What Can Be Done?

To mitigate this threat, users are urged to:

* Update FreePBX
* Restrict public ACP access
* Check for IoCs (Indicators of Compromise)
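
One way to verify the "restrict public ACP access" item is to audit the web server's access log for admin-panel requests that came from outside your management networks. This is an added example, not code from FreePBX or Sangoma; the `/admin` prefix, the allowlisted networks and the sample log lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Assumptions for this example (none come from the article):
ADMIN_PREFIX = "/admin"  # assumed URL prefix of the admin control panel
ALLOWED_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "203.0.113.0/28")]

# Apache/nginx "combined"-style access log line.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

def is_allowed(ip_text):
    """True only if the source parses as an IP inside an allowlisted network."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False  # hostnames or garbage are treated as untrusted
    return any(ip in net for net in ALLOWED_NETS)

def audit(lines):
    """Return admin-panel requests that came from outside the allowlist."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        path = m["path"].split("?", 1)[0]
        if path != ADMIN_PREFIX and not path.startswith(ADMIN_PREFIX + "/"):
            continue
        if not is_allowed(m["ip"]):
            findings.append((m["ip"], m["ts"], m["method"], path, int(m["status"])))
    return findings

def served_sources(findings):
    """Count per source IP the requests the panel answered (status < 400)."""
    return Counter(ip for ip, _, _, _, status in findings if status < 400)

# Constructed sample log lines (documentation-range addresses).
SAMPLE_LOG = [
    '198.51.100.23 - - [21/Aug/2025:03:14:07 +0000] "GET /admin/config.php HTTP/1.1" 200 5123',
    '10.1.2.3 - - [21/Aug/2025:09:00:00 +0000] "GET /admin/config.php HTTP/1.1" 200 5123',
    '198.51.100.23 - - [21/Aug/2025:03:14:09 +0000] "POST /admin/config.php?display=x HTTP/1.1" 403 199',
    '203.0.113.200 - - [22/Aug/2025:11:02:41 +0000] "GET /administrator HTTP/1.1" 200 321',
    'not a log line',
]

if __name__ == "__main__":
    hits = audit(SAMPLE_LOG)
    for hit in hits:
        print(hit)
    print(dict(served_sources(hits)))
```

Any source that appears in `served_sources` received a non-error response from the panel, which means the ACL in front of it is not doing its job for that address.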

## The Impact

The impact of this zero-day vulnerability is significant. An attacker could perform SQLi and RCE attacks on vulnerable systems.

## Conclusion

The Sangoma FreePBX Security Team has addressed an actively exploited FreePBX zero-day vulnerability, tracked as CVE-2025-57819 (CVSS score of 10.0). Organizations that have publicly exposed admin control panels are advised to take immediate action to patch the vulnerability and protect themselves against potential attacks.

### Additional Resources:

* Search for more information: https://t.co/hv7QKSqxTR
* Learn more about this vulnerability: https://t.co/tYMjnmD0wF