A critical, actively exploited zero-day vulnerability in the FreePBX commercial Endpoint Manager module (CVE-2025-57819) allows unauthenticated remote code execution (RCE) and potentially root-level access on vulnerable systems, particularly those with public internet access to their admin panels. Administrators of affected FreePBX versions (including versions prior to 15.0.66, 16.0.89, and 17.0.3) must immediately upgrade to the latest supported versions and restrict public access to the admin panel to mitigate the risk of intrusion.
The vulnerability, tracked as CVE-2025-57819 with a CVSS v3.1 score of 10, is caused by insufficient sanitization of user-supplied input to the endpoint module. If exploited, it could allow remote attackers to execute arbitrary code and gain administrative access to target systems.
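To triage a fleet against the fixed versions named above (15.0.66, 16.0.89, 17.0.3), the following added example, which is not part of the original advisory, ranks hosts by version and admin panel exposure. The inventory, host names and priority labels are constructed for illustration, and the script assumes each recorded version string is the one the advisory's thresholds apply to.

```python
# Added example: rank hosts for CVE-2025-57819 remediation.
# Fixed versions per branch, taken from the advisory text.
FIXED = {15: (15, 0, 66), 16: (16, 0, 89), 17: (17, 0, 3)}

# Constructed inventory (hypothetical hosts and versions, not real data).
INVENTORY = [
    {"host": "pbx-a.example", "version": "16.0.88.19", "admin_public": True},
    {"host": "pbx-b.example", "version": "17.0.3", "admin_public": True},
    {"host": "pbx-c.example", "version": "15.0.65", "admin_public": False},
    {"host": "pbx-d.example", "version": "14.0.13", "admin_public": True},
    {"host": "pbx-e.example", "version": "n/a", "admin_public": False},
]

def parse_version(text):
    """Turn '16.0.88.19' into (16, 0, 88, 19); raise ValueError on junk."""
    parts = text.strip().split(".")
    if len(parts) < 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(p) for p in parts)

def classify(version_text):
    """Return vulnerable, patched, unlisted-branch or unknown."""
    try:
        version = parse_version(version_text)
    except ValueError:
        return "unknown"
    fixed = FIXED.get(version[0])
    if fixed is None:
        # The advisory names no fixed version for this branch: review by hand.
        return "unlisted-branch"
    return "vulnerable" if version < fixed else "patched"

def triage(inventory):
    """Return (host, state, priority) tuples, most urgent first."""
    order = ["P1", "P2", "P3", "review", "ok"]
    rows = []
    for item in inventory:
        state = classify(item["version"])
        if state == "vulnerable":
            priority = "P1" if item["admin_public"] else "P2"
        elif state == "patched":
            # Patched hosts should still not expose the admin panel publicly.
            priority = "P3" if item["admin_public"] else "ok"
        else:
            priority = "review"
        rows.append((item["host"], state, priority))
    return sorted(rows, key=lambda row: order.index(row[2]))

if __name__ == "__main__":
    for host, state, priority in triage(INVENTORY):
        print(f"{priority:<7}{host:<16}{state}")
```

P1 hosts are below the fixed version and expose the admin panel publicly; P3 hosts are patched but still need the panel restricted.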