CVE-2025-59056

7.5 HIGH
Published: September 15, 2025 Modified: October 17, 2025
View on NVD

Description

FreePBX is an open-source web-based graphical user interface. In FreePBX 15, 16, and 17, malicious connections to the Administrator Control Panel web interface can cause the uninstall function to be triggered for certain modules. This function drops the module's database tables, which is where most modules store their configuration. This vulnerability is fixed in 15.0.38, 16.0.41, and 17.0.21.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

CVSS v3.x Details

0.0 Low Medium High Critical 10.0
Vector String
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
https://github.com/FreePBX/framework/blame/release/17.0/amp_conf/htdocs/admin/ajax.php#L18
Source: security-advisories@github.com
Product
https://github.com/FreePBX/security-reporting/security/advisories/GHSA-frc2-jhgg-rwpr
Source: security-advisories@github.com
Mitigation Third Party Advisory

2 reference(s) from NVD

Quick Stats

CVSS v3 Score
7.5 / 10.0
EPSS (Exploit Probability)
0.1%
30th percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

CWE-22

Affected Vendors

sangoma

Related CVEs

CVE-2025-69261 N/A
CVE-2025-69257 6.7
CVE-2025-69210 N/A
CVE-2025-66823 N/A
CVE-2025-50343 N/A