CVE-2025-61675

This repository provides Nuclei templates for detecting three FreePBX vulnerabilities (CVE-2025-61675, CVE-2025-61678, CVE-2025-66039) by version checking without exploitation. It includes non-invasive detection methods and usage instructions.

The repository contains Nuclei templates for detecting three FreePBX vulnerabilities (CVE-2025-61675, CVE-2025-61678, CVE-2025-66039) by version checking and fingerprinting. It does not include exploit code but provides detection logic for vulnerable instances.

This repository contains a Python-based vulnerability scanner for FreePBX systems, targeting CVE-2025-66039 (authentication bypass), CVE-2025-61675 (SQL injection), and CVE-2025-61678 (file upload RCE). The tool performs detection and limited exploitation but does not include full functional exploit code for all vulnerabilities.

This Metasploit module exploits CVE-2025-61675, a SQL injection vulnerability in FreePBX, chained with CVE-2025-66039 (authentication bypass) to create an administrative user. It leverages the custom extension component to inject SQL payloads and verify the creation of a new admin account.

This Metasploit module exploits CVE-2025-61675, a SQL injection vulnerability in FreePBX's custom extension component, chained with an authentication bypass (CVE-2025-66039) to achieve unauthenticated remote code execution by injecting a malicious cron job into the database.