CVE-2025-66039

CRITICAL

FreePBX firmware file upload

Title source: metasploit

Description

FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. Affected versions are vulnerable to authentication bypass when the authentication type is set to "webserver." When an Authorization header carrying an arbitrary value is supplied, a session is associated with the target user regardless of whether the credentials are valid. This issue is fixed in versions 16.0.44 and 17.0.23.

Exploits (2)

nomisec SCANNER · 1 star
by cyberleelawat · poc
https://github.com/cyberleelawat/FreePBX-Multiple-CVEs-2025

nomisec SCANNER · 1 star
by BimBoxH4 · poc
https://github.com/BimBoxH4/CVE-2025-66039_CVE-2025-61675_CVE-2025-61678_reePBX

Scores

CVSS v3 9.8
EPSS 0.3467
EPSS Percentile 97.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-287
Status published
Products (1)
sangoma/freepbx < 16.0.44
Published Dec 09, 2025
Tracked Since Feb 18, 2026