Critical Security Update Released for FreePBX Systems

New updates have been released for FreePBX, an open-source VoIP phone system management platform. These updates include a critical security fix for a recently discovered vulnerability that affects certain configurations in which the admin interface was exposed to the internet, and that could potentially have allowed unauthorized access or control.

This vulnerability, tracked as CVE-2025-57819, specifically affects the Endpoint Module in supported versions and could be exploited if the administrator interface is accessible from public, untrusted networks. The Firewall module can be configured to restrict access to trusted IP addresses, significantly reducing the attack surface.

The security patch has been successfully released into the stable repositories for all supported versions, FreePBX 15, 16 and 17, including all releases of the Endpoint Module.

The update process is straightforward through the standard FreePBX interface or via command line, and users should verify that automatic security updates are active.

System administrators and users are advised to update their systems immediately to safeguard against potential exploitation, and to review logs for any suspicious activity such as unauthorized POST requests or unexpected changes in system files.

See the FreePBX Security Team’s official security advisory on GitHub.

