FreePBX vulnerable to unauthenticated Denial of Service_CVE-2025-59056

6.6 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/AU:Y/R:U/V:D/RE:L/U:Red

Description

FreePBX is an open-source web-based graphical user interface. In FreePBX 15, 16, and 17, malicious connections to the Administrator Control Panel web interface can cause the uninstall function to be triggered for certain modules. This function drops the module's database tables, which is where most modules store their configuration. This vulnerability is fixed in 15.0.38, 16.0.41, and 17.0.21.

Basic Information

ID CVE-2025-59056

Source GitHub_M

Published Sep 15, 2025 at 21:04

Affected Product

Vendor FreePBX

Product security-reporting

Version < 15.0.38

Affected Versions FreePBX security-reporting < 15.0.38
FreePBX security-reporting >= 16.0.0, < 16.0.41
FreePBX security-reporting >= 17.0.0, < 17.0.21

CWE Classification

CWE-22

References

{
    "lastseen": "",
    "description": "FreePBX is an open-source web-based graphical user interface. In FreePBX 15, 16, and 17, malicious connections to the Administrator Control Panel web interface can cause the uninstall function to be triggered for certain modules. This function drops the module's database tables, which is where most modules store their configuration. This vulnerability is fixed in 15.0.38, 16.0.41, and 17.0.21.",
    "published": "2025-09-15T21:04:07.875Z",
    "modified": "2025-09-15T21:04:07.875Z",
    "type": "cve",
    "title": "FreePBX vulnerable to unauthenticated Denial of Service",
    "source": "GitHub_M",
    "references": "https://github.com/FreePBX/security-reporting/security/advisories/GHSA-frc2-jhgg-rwpr\nhttps://github.com/FreePBX/framework/blame/release/17.0/amp_conf/htdocs/admin/ajax.php#L18",
    "id": "CVE-2025-59056",
    "bulletinFamily": "",
    "cwe": [
        "CWE-22"
    ],
    "cvelist": null,
    "sourceData": "FreePBX security-reporting < 15.0.38\nFreePBX security-reporting >= 16.0.0, < 16.0.41\nFreePBX security-reporting >= 17.0.0, < 17.0.21",
    "sourceHref": "",
    "cvss": {
        "score": 6.6,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/AU:Y/R:U/V:D/RE:L/U:Red",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "security-reporting",
    "version": "< 15.0.38",
    "vendor": "FreePBX",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}