Which versions of Firestore are affected by CVE-2025-64328?

Organizations using FreePBX systems. In face significant risk from CVE-2025-64328, a OS command injection vulnerability rated CVSS 8.6.

Is there a public PoC exploit available for CVE-2025-64328?

Yes, a public proof-of-concept exploit is available for CVE-2025-64328. Prioritise patching immediately. EPSS: 81.9%.

How to fix or mitigate CVE-2025-64328?

Within 24 hours: Identify all affected systems running FreePBX systems. In and apply vendor patches immediately. Validate that input sanitization is in place for all user-controlled parameters.

Firestore CVE-2025-64328

Q: What is the CVSS score of CVE-2025-64328?

CVE-2025-64328 has a CVSS 4.0 base score of 8.6 (High). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 81.9%.

HIGH

OS Command Injection (CWE-78)

2025-11-07 security-advisories@github.com

Command Injection Firestore

8.6

CVSS 4.0 · GitHub Advisory

Severity by source

GitHub Advisory PRIMARY

8.6 HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Lifecycle Timeline

Analysis Generated

Mar 28, 2026 - 19:20 vuln.today

Added to CISA KEV

Feb 24, 2026 - 19:30 cisa

CISA KEV

PoC Detected

Feb 24, 2026 - 19:30 vuln.today

Public exploit code

CVE Published

Nov 07, 2025 - 04:15 nvd

HIGH 8.6

DescriptionGitHub Advisory

FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. In versions 17.0.2.36 and above before 17.0.3, the filestore module within the Administrative interface is vulnerable to a post-authentication command injection by an authenticated known user via the testconnection -> check_ssh_connect() function. An attacker can leverage this vulnerability to obtain remote access to the system as an asterisk user. This issue is fixed in version 17.0.3.

AnalysisAI

FreePBX Endpoint Manager contains a post-authentication command injection via the testconnection/check_ssh_connect function, allowing authenticated users to execute OS commands.

Technical ContextAI

The CWE-78 command injection in check_ssh_connect passes user input to shell commands during SSH connection testing.

RemediationAI

Update Endpoint Manager. Strengthen admin credentials. Monitor for unauthorized command execution.

CVE-2025-64328 vulnerability details – vuln.today

Back