CVE-2025-61675

CVE Database · CVE-2025-61675

CVE-2025-61675

· N/ADeferred

CVSS v3.1

N/A

CVSS v4.0

8.6

EPSS

38.96%

Published

Oct 14, 2025

Modified

Apr 14, 2026

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. In versions prior to 16.0.92 for FreePBX 16 and versions prior to 17.0.6 for FreePBX 17, the Endpoint Manager module contains authenticated SQL injection vulnerabilities affecting multiple parameters in the basestation, model, firmware, and custom extension configuration functionality areas. Authentication with a known username is required to exploit these vulnerabilities. Successful exploitation allows authenticated users to execute arbitrary SQL queries against the database, potentially enabling access to sensitive data or modification of database contents. This issue has been patched in version 16.0.92 for FreePBX 16 and version 17.0.6 for FreePBX 17.

Weaknesses (CWE)

CWE-89

References (1)

https://github.com/FreePBX/security-reporting/security/advisories/GHSA-292p-rj6h-54cp

KEV Catalog EPSS Scores Vendors All CVEs