CVE-2025-64328

HIGH
2025-11-07 [email protected]
8.6
CVSS 4.0
Share

CVSS Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
X

Lifecycle Timeline

4
Analysis Generated
Mar 28, 2026 - 19:20 vuln.today
Added to CISA KEV
Feb 24, 2026 - 19:30 cisa
CISA KEV
PoC Detected
Feb 24, 2026 - 19:30 vuln.today
Public exploit code
CVE Published
Nov 07, 2025 - 04:15 nvd
HIGH 8.6

Tags

Command Injection Firestore

Description

FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. In versions 17.0.2.36 and above before 17.0.3, the filestore module within the Administrative interface is vulnerable to a post-authentication command injection by an authenticated known user via the testconnection -> check_ssh_connect() function. An attacker can leverage this vulnerability to obtain remote access to the system as an asterisk user. This issue is fixed in version 17.0.3.

Analysis

FreePBX Endpoint Manager contains a post-authentication command injection via the testconnection/check_ssh_connect function, allowing authenticated users to execute OS commands.

Technical Context

The CWE-78 command injection in check_ssh_connect passes user input to shell commands during SSH connection testing.

Affected Products

['FreePBX Endpoint Manager 17.0.2.36 and above before 17.0.3']

Remediation

Update Endpoint Manager. Strengthen admin credentials. Monitor for unauthorized command execution.

Priority Score

113
Low Medium High Critical
KEV: +50
EPSS: +81.9
CVSS: +43
POC: +20

Share

CVE-2025-64328 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy