CVE-2025-67736

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-67736

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-67736.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-67736

Aliases

GHSA-632c-49p9-x7cw

Published

2025-12-16T00:23:05.775Z

Modified

2026-03-13T03:42:13.223055Z

Severity

8.6 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVSS Calculator

Summary

Authenticated SQL Injection in FreePBX tts (Text To Speech) module

Details

The FreePBX module tts (Text to Speech) for FreePBX, an open-source web-based graphical user interface (GUI) that manages Asterisk. Versions prior to 16.0.5 and 17.0.5 are vulnerable to SQL injection by authenticated users with administrator access. Authenticated users with administrative access to the Administrator Control Panel (ACP) can leverage this SQL injection vulnerability to extract sensitive information from the database and execute code on the system as the asterisk user with chained elevation to root privileges. Users should upgrade to version 16.0.5 or 17.0.5 to receive a fix.

Database specific

{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/67xxx/CVE-2025-67736.json",
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-89"
    ]
}

References

Affected packages

Git /

Affected ranges

Database specific

unresolved_ranges

[
    {
        "events": [
            {
                "introduced": "16.0"
            },
            {
                "fixed": "16.0.5"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "17.0"
            },
            {
                "fixed": "17.0.5"
            }
        ]
    }
]

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-67736.json"