Critical FreePBX Zero-Day Actively Exploited, Emergency Patch Released
AI-Generated Summary
A critical zero-day vulnerability (CVE-2025-57819) with a CVSS score of 10.0 has been actively exploited in FreePBX servers since August 21, 2025. The flaw allows unauthenticated administrative access and remote code execution on systems with publicly exposed control panels. Sangoma has issued emergency patches for affected versions (15, 16, 17), and CISA has added it to its Known Exploited Vulnerabilities catalog, urging immediate action.
In a nutshell
This vulnerability poses an extreme risk to organizations using FreePBX for voice communications, emphasizing the critical need for immediate patching and strict access controls. The active exploitation and CISA's involvement highlight the urgency for all affected entities to implement defensive measures to prevent potential root-level compromise and data manipulation.
Source: The Hacker News