CVE-2025-55211

Medium CVSS: 6.3

FreePBX is an open-source web-based graphical user interface. From 17.0.19.11 to before 17.0.21, authenticated users of the Administrator Control Panel (ACP) can run arbitrary shell commands by maliciously changing languages of the framework module. This vulnerability is fixed in 17.0.21.

Vendor

Sangoma

Product

Freepbx

CWE

CWE-78

Yayın Tarihi

2025-09-15 21:15:36

Güncelleme

2025-10-17 14:46:44

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-78 Freepbx MEDIUM Sangoma 2025

Referanslar

https://github.com/FreePBX/security-reporting/security/advisories/GHSA-xg83-m6q5-q24h

Benzer Kayıtlar

High

CVE-2026-28287

FreePBX is an open source IP PBX. From versions 16.0.17.2 to before 16.0.20 and from version 17.0.2.4 to before 17.0.5,…

High

CVE-2026-28209

FreePBX is an open source IP PBX. From versions 16.0.17.2 to before 16.0.20 and from version 17.0.2.4 to before 17.0.5,…

High

CVE-2026-28210

FreePBX is an open source IP PBX. Prior to versions 16.0.49 and 17.0.7, FreePBX module cdr (Call Data Record) is vulnera…

High

CVE-2026-28284

FreePBX is an open source IP PBX. Prior to versions 16.0.10 and 17.0.5, the FreePBX logfiles module contains several aut…

Low

CVE-2025-55210

FreePBX is an open-source web-based graphical user interface (GUI) that manages Asterisk. Prior to 17.0.5 and 16.0.17, F…

Low

CVE-2026-23738

Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1…