CVE-2025-57819

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2025-57819
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-57819.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-57819
Aliases
  • GHSA-m42g-xg4c-5f3h
Published
2025-08-28T16:45:18.749Z
Modified
2026-04-10T05:31:12.929528Z
Severity
  • 10.0 (Critical) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H CVSS Calculator
Summary
FreePBX Affected by Authentication Bypass Leading to SQL Injection and RCE
Details

FreePBX is an open-source web-based graphical user interface. FreePBX 15, 16, and 17 endpoints are vulnerable due to insufficiently sanitized user-supplied data allowing unauthenticated access to FreePBX Administrator leading to arbitrary database manipulation and remote code execution. This issue has been patched in endpoint versions 15.0.66, 16.0.89, and 17.0.3.

Database specific 
{
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-288",
        "CWE-89"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/57xxx/CVE-2025-57819.json"
}
References

Affected packages

Git / github.com/freepbx/framework

Affected ranges

Type
GIT
Repo
https://github.com/freepbx/framework
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
94f92d03deed2cbaac7a328bc511ffd5525cc476
Database specific 
{
    "versions": [
        {
            "introduced": "17.0"
        },
        {
            "fixed": "17.0.3"
        }
    ]
}

Affected versions

release/12.*
release/12.0.0.0alpha1.0
release/12.0.1alpha1
release/12.0.1alpha10
release/12.0.1alpha11
release/12.0.1alpha12
release/12.0.1alpha13
release/12.0.1alpha14
release/12.0.1alpha16
release/12.0.1alpha17
release/12.0.1alpha18
release/12.0.1alpha19
release/12.0.1alpha2
release/12.0.1alpha20
release/12.0.1alpha21
release/12.0.1alpha22
release/12.0.1alpha23
release/12.0.1alpha24
release/12.0.1alpha25
release/12.0.1alpha26
release/12.0.1alpha27
release/12.0.1alpha28
release/12.0.1alpha29
release/12.0.1alpha3
release/12.0.1alpha30
release/12.0.1alpha31
release/12.0.1alpha32
release/12.0.1alpha4
release/12.0.1alpha5
release/12.0.1alpha7
release/13.*
release/13.0.1RC1.20
release/13.0.1RC1.21
release/13.0.1RC1.22
release/13.0.1RC1.23
release/13.0.1RC1.24
release/13.0.1RC1.25
release/13.0.1RC1.26
release/13.0.1RC1.27
release/13.0.1RC1.28
release/13.0.1RC1.30
release/13.0.1alpha10
release/13.0.1alpha11
release/13.0.1alpha12
release/13.0.1alpha14
release/13.0.1alpha15
release/13.0.1alpha16
release/13.0.1alpha17
release/13.0.1alpha18
release/13.0.1alpha19
release/13.0.1alpha2
release/13.0.1alpha20
release/13.0.1alpha21
release/13.0.1alpha22
release/13.0.1alpha23
release/13.0.1alpha24
release/13.0.1alpha25
release/13.0.1alpha26
release/13.0.1alpha27
release/13.0.1alpha28
release/13.0.1alpha29
release/13.0.1alpha3
release/13.0.1alpha30
release/13.0.1alpha31
release/13.0.1alpha32
release/13.0.1alpha33
release/13.0.1alpha34
release/13.0.1alpha35
release/13.0.1alpha36
release/13.0.1alpha37
release/13.0.1alpha38
release/13.0.1alpha39
release/13.0.1alpha4
release/13.0.1alpha40
release/13.0.1alpha41
release/13.0.1alpha42
release/13.0.1alpha43
release/13.0.1alpha44
release/13.0.1alpha45
release/13.0.1alpha46
release/13.0.1alpha47
release/13.0.1alpha48
release/13.0.1alpha49
release/13.0.1alpha5
release/13.0.1alpha50
release/13.0.1alpha51
release/13.0.1alpha52
release/13.0.1alpha53
release/13.0.1alpha54
release/13.0.1alpha55
release/13.0.1alpha56
release/13.0.1alpha57
release/13.0.1alpha58
release/13.0.1alpha59
release/13.0.1alpha6
release/13.0.1alpha60
release/13.0.1alpha61
release/13.0.1alpha62
release/13.0.1alpha63
release/13.0.1alpha64
release/13.0.1alpha65
release/13.0.1alpha66
release/13.0.1alpha67
release/13.0.1alpha68
release/13.0.1alpha69
release/13.0.1alpha7
release/13.0.1alpha8
release/13.0.1alpha9
release/13.0.1beta1
release/13.0.1beta2
release/13.0.1beta3
release/13.0.1beta3.1
release/13.0.1beta3.10
release/13.0.1beta3.11
release/13.0.1beta3.12
release/13.0.1beta3.13
release/13.0.1beta3.14
release/13.0.1beta3.15
release/13.0.1beta3.16
release/13.0.1beta3.17
release/13.0.1beta3.18
release/13.0.1beta3.19
release/13.0.1beta3.2
release/13.0.1beta3.20
release/13.0.1beta3.21
release/13.0.1beta3.22
release/13.0.1beta3.23
release/13.0.1beta3.24
release/13.0.1beta3.25
release/13.0.1beta3.3
release/13.0.1beta3.4
release/13.0.1beta3.5
release/13.0.1beta3.53
release/13.0.1beta3.54
release/13.0.1beta3.55
release/13.0.1beta3.56
release/13.0.1beta3.57
release/13.0.1beta3.58
release/13.0.1beta3.59
release/13.0.1beta3.6
release/13.0.1beta3.60
release/13.0.1beta3.61
release/13.0.1beta3.62
release/13.0.1beta3.63
release/13.0.1beta3.7
release/13.0.1beta3.9
release/13.0.4
release/13.0.5
release/13.0.6
release/14.*
release/14.0.1
release/14.0.1.1
release/14.0.1alpha1
release/14.0.1alpha10
release/14.0.1alpha11
release/14.0.1alpha12
release/14.0.1alpha13
release/14.0.1alpha14
release/14.0.1alpha15
release/14.0.1alpha16
release/14.0.1alpha17
release/14.0.1alpha18
release/14.0.1alpha19
release/14.0.1alpha2
release/14.0.1alpha20
release/14.0.1alpha21
release/14.0.1alpha22
release/14.0.1alpha23
release/14.0.1alpha24
release/14.0.1alpha25
release/14.0.1alpha26
release/14.0.1alpha27
release/14.0.1alpha28
release/14.0.1alpha29
release/14.0.1alpha3
release/14.0.1alpha30
release/14.0.1alpha31
release/14.0.1alpha32
release/14.0.1alpha33
release/14.0.1alpha34
release/14.0.1alpha35
release/14.0.1alpha4
release/14.0.1alpha5
release/14.0.1alpha6
release/14.0.1alpha7
release/14.0.1alpha8
release/14.0.1alpha9
release/14.0.1beta1
release/14.0.1beta10
release/14.0.1beta11
release/14.0.1beta12
release/14.0.1beta13
release/14.0.1beta14
release/14.0.1beta15
release/14.0.1beta16
release/14.0.1beta17
release/14.0.1beta18
release/14.0.1beta19
release/14.0.1beta2
release/14.0.1beta20
release/14.0.1beta3
release/14.0.1beta4
release/14.0.1beta5
release/14.0.1beta6
release/14.0.1beta7
release/14.0.1beta8
release/14.0.1beta9
release/14.0.1rc1
release/14.0.1rc1.1
release/14.0.1rc1.10
release/14.0.1rc1.11
release/14.0.1rc1.12
release/14.0.1rc1.13
release/14.0.1rc1.14
release/14.0.1rc1.15
release/14.0.1rc1.16
release/14.0.1rc1.17
release/14.0.1rc1.18
release/14.0.1rc1.19
release/14.0.1rc1.2
release/14.0.1rc1.21
release/14.0.1rc1.22
release/14.0.1rc1.23
release/14.0.1rc1.24
release/14.0.1rc1.25
release/14.0.1rc1.26
release/14.0.1rc1.27
release/14.0.1rc1.29
release/14.0.1rc1.3
release/14.0.1rc1.30
release/14.0.1rc1.4
release/14.0.1rc1.5
release/14.0.1rc1.6
release/14.0.1rc1.7
release/14.0.1rc1.8
release/15.*
release/15.0.1.1
release/15.0.1.10
release/15.0.1.11
release/15.0.1.12
release/15.0.1.13
release/15.0.1.14
release/15.0.1.15
release/15.0.1.16
release/15.0.1.17
release/15.0.1.18
release/15.0.1.19
release/15.0.1.2
release/15.0.1.21
release/15.0.1.22
release/15.0.1.23
release/15.0.1.24
release/15.0.1.25
release/15.0.1.26
release/15.0.1.27
release/15.0.1.28
release/15.0.1.29
release/15.0.1.3
release/15.0.1.30
release/15.0.1.31
release/15.0.1.32
release/15.0.1.33
release/15.0.1.34
release/15.0.1.35
release/15.0.1.36
release/15.0.1.37
release/15.0.1.38
release/15.0.1.39
release/15.0.1.4
release/15.0.1.40
release/15.0.1.41
release/15.0.1.42
release/15.0.1.5
release/15.0.1.6
release/15.0.1.7
release/15.0.1.8
release/15.0.1.9
release/15.0.10
release/15.0.10.1
release/15.0.10.2
release/15.0.10.3
release/15.0.11
release/15.0.11.1
release/15.0.12
release/15.0.14
release/15.0.15
release/15.0.15.1
release/15.0.15.2
release/15.0.15.3
release/15.0.15.4
release/15.0.16
release/15.0.16.1
release/15.0.16.10
release/15.0.16.11
release/15.0.16.12
release/15.0.16.13
release/15.0.16.14
release/15.0.16.15
release/15.0.16.16
release/15.0.16.17
release/15.0.16.18
release/15.0.16.19
release/15.0.16.2
release/15.0.16.20
release/15.0.16.21
release/15.0.16.22
release/15.0.16.23
release/15.0.16.26
release/15.0.16.27
release/15.0.16.28
release/15.0.16.29
release/15.0.16.3
release/15.0.16.30
release/15.0.16.31
release/15.0.16.32
release/15.0.16.33
release/15.0.16.34
release/15.0.16.35
release/15.0.16.36
release/15.0.16.37
release/15.0.16.38
release/15.0.16.39
release/15.0.16.4
release/15.0.16.40
release/15.0.16.41
release/15.0.16.42
release/15.0.16.5
release/15.0.16.6
release/15.0.16.7
release/15.0.16.8
release/15.0.16.9
release/15.0.1alpha2
release/15.0.1alpha3
release/15.0.1beta1
release/15.0.1beta2
release/15.0.1beta3
release/15.0.2
release/15.0.2.1
release/15.0.2.10
release/15.0.2.11
release/15.0.2.12
release/15.0.2.13
release/15.0.2.14
release/15.0.2.15
release/15.0.2.16
release/15.0.2.2
release/15.0.2.3
release/15.0.2.4
release/15.0.2.5
release/15.0.2.6
release/15.0.2.7
release/15.0.2.8
release/15.0.2.9
release/15.0.3
release/15.0.4
release/15.0.5
release/15.0.5.1
release/15.0.5.11
release/15.0.5.12
release/15.0.5.13
release/15.0.5.14
release/15.0.5.2
release/15.0.5.3
release/15.0.5.6
release/15.0.5.7
release/15.0.5.8
release/15.0.5.9
release/15.0.6
release/15.0.6.1
release/15.0.6.11
release/15.0.6.12
release/15.0.6.13
release/15.0.6.14
release/15.0.6.15
release/15.0.6.16
release/15.0.6.17
release/15.0.6.18
release/15.0.6.2
release/15.0.6.3
release/15.0.6.4
release/15.0.6.5
release/15.0.6.6
release/15.0.6.7
release/15.0.6.8
release/15.0.6.9
release/15.0.7
release/15.0.8
release/15.0.8.1
release/15.0.9
release/16.*
release/16.0.10
release/16.0.10.1
release/16.0.10.10
release/16.0.10.11
release/16.0.10.12
release/16.0.10.13
release/16.0.10.14
release/16.0.10.15
release/16.0.10.16
release/16.0.10.17
release/16.0.10.18
release/16.0.10.19
release/16.0.10.2
release/16.0.10.20
release/16.0.10.21
release/16.0.10.22
release/16.0.10.23
release/16.0.10.24
release/16.0.10.25
release/16.0.10.26
release/16.0.10.27
release/16.0.10.28
release/16.0.10.29
release/16.0.10.3
release/16.0.10.30
release/16.0.10.31
release/16.0.10.32
release/16.0.10.33
release/16.0.10.34
release/16.0.10.35
release/16.0.10.36
release/16.0.10.37
release/16.0.10.38
release/16.0.10.39
release/16.0.10.4
release/16.0.10.40
release/16.0.10.41
release/16.0.10.42
release/16.0.10.43
release/16.0.10.44
release/16.0.10.45
release/16.0.10.46
release/16.0.10.47
release/16.0.10.48
release/16.0.10.49
release/16.0.10.5
release/16.0.10.50
release/16.0.10.51
release/16.0.10.6
release/16.0.10.7
release/16.0.10.8
release/16.0.10.9
release/16.0.11
release/16.0.12
release/16.0.13
release/16.0.14
release/16.0.15
release/16.0.16
release/16.0.17
release/16.0.18
release/16.0.19
release/16.0.19.1
release/16.0.19.10
release/16.0.19.11
release/16.0.19.12
release/16.0.19.13
release/16.0.19.14
release/16.0.19.15
release/16.0.19.16
release/16.0.19.17
release/16.0.19.18
release/16.0.19.2
release/16.0.19.3
release/16.0.19.4
release/16.0.19.5
release/16.0.19.6
release/16.0.19.7
release/16.0.19.8
release/16.0.19.9
release/16.0.3
release/16.0.4
release/16.0.5
release/16.0.6
release/16.0.7
release/16.0.8
release/16.0.9
release/17.*
release/17.0.1
release/17.0.2
release/2.*
release/2.11.0.0
release/2.11.0.0beta1.0
release/2.11.0.0beta1.1
release/2.11.0.0beta1.2
release/2.11.0.0beta1.3
release/2.11.0.0beta1.4
release/2.11.0.0beta1.5
release/2.11.0.0beta2.0
release/2.11.0.0beta2.1
release/2.11.0.0beta2.2
release/2.11.0.0beta2.3
release/2.11.0.0beta2.4
release/2.11.0.0beta2.5
release/2.11.0.0beta2.6
release/2.11.0.0beta2.8
release/2.11.0.0beta2.9
release/2.11.0.0rc1.0
release/2.11.0.0rc1.1
release/2.11.0.0rc1.2
release/2.11.0.0rc1.3
release/2.11.0.0rc1.4
release/2.11.0.0rc1.5
release/2.11.0.0rc1.7
release/2.11.0.1
release/2.11.0.10
release/2.11.0.11
release/2.11.0.2
release/2.11.0.3
release/2.11.0.4
release/2.11.0.5
release/2.11.0.6
release/2.11.0.7
release/2.11.0.8
release/2.11.0.9

Database specific

unresolved_ranges 
[
    {
        "events": [
            {
                "introduced": "15.0"
            },
            {
                "fixed": "15.0.66"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "16.0"
            },
            {
                "fixed": "16.0.89"
            }
        ]
    }
]
source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-57819.json"