EIP-2026-104255

PRE-CVE

FreePBX 2.5.x - Information Disclosure

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-104255. PoCs published by Ivan Huertas.

AI-analyzed exploit summary The advisory describes an information disclosure vulnerability in FreePBX 2.5.x where administrator passwords are exposed in the HTML source code of the admin panel. The proof of concept demonstrates how an authenticated user can view other administrators' passwords by inspecting the page source.

Description

FreePBX 2.5.x - Information Disclosure

Exploits (1)

exploitdb WRITEUP VERIFIED

by Ivan Huertas · textwebappsmultiple

https://www.exploit-db.com/exploits/11187

View Code ZIP pw:eip

The advisory describes an information disclosure vulnerability in FreePBX 2.5.x where administrator passwords are exposed in the HTML source code of the admin panel. The proof of concept demonstrates how an authenticated user can view other administrators' passwords by inspecting the page source.

Classification

Writeup 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: FreePBX 2.5.x

Auth required

Prerequisites: Access to the administrator section of FreePBX

MITRE ATT&CK

T1592 - Gather Victim Host Information

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026