CVE-2025-64328
Sangoma FreePBX < 17.0.3 - OS Command Injection
HIGH · KEV · NUCLEI
FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. In versions 17.0.2.36 and above before 17.0.3, the filestore module within the Administrative interface is vulnerable to a post-authentication command injection by an authenticated known user via the testconnection -> check_ssh_connect() function. An attacker can leverage this vulnerability to obtain remote access to the system as an asterisk user. This issue is fixed in version 17.0.3.
Exploits (2)
nomisec
WORKING POC
by mcorybillington · poc
https://github.com/mcorybillington/CVE-2025-64328_FreePBX-framework-Command-Injection
metasploit
WORKING POC
EXCELLENT
by Cory Billington · ruby · poc
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/http/freepbx_filestore_cmd_injection.rb
Nuclei Templates (1)
FreePBX >= 17.0.2.36 && < 17.0.3 - Authenticated Command Injection
CRITICAL by _th3y
Shodan:
http.title:"freepbx" || http.favicon.hash:"-1908328911" || http.favicon.hash:"1574423538" || http.title:"freepbx administration"
FOFA:
icon_hash="-1908328911" || icon_hash="1574423538" || title="freepbx administration" || title="freepbx"
Scores
CVSS v3
7.2
EPSS
0.8461
EPSS Percentile
99.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Details
CISA KEV
2026-02-03
VulnCheck KEV
2026-01-28
ENISA EUVD
EUVD-2025-38232
CWE
CWE-78
Status
published
Products (2)
sangoma/firestore
17.0.2.36 - 17.0.3
sangoma/freepbx
17.0.2.36 - 17.0.3
Published
Nov 07, 2025
KEV Added
Feb 03, 2026
Tracked Since
Feb 18, 2026