FreePBX Endpoint Manager’s Weak Default Password Allows Unauthenticated Access in...

6.9 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Description

FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. Versions prior to 16.0.96 and 17.0.1 through 17.0.9 have a weak default password. By default, this is a 6 digit numeric value which can be brute forced. (This is the app_password parameter). Depending on local configuration, this password could be the extension, voicemail, user manager, DPMA or EPM phone admin password. This issue is fixed in versions 16.0.96 and 17.0.10.

Basic Information

ID CVE-2025-67513

Source GitHub_M

Published Dec 10, 2025 at 22:43

Affected Product

Vendor FreePBX

Product security-reporting

Version < 16.0.96

Affected Versions FreePBX security-reporting < 16.0.96
FreePBX security-reporting >= 17.0.1, < 17.0.10

CWE Classification

CWE-521

References

github.com /FreePBX/security-reporting/security/advisories/GHSA-426v-c5p7-cp29

{
    "lastseen": "",
    "description": "FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. Versions prior to 16.0.96 and 17.0.1 through 17.0.9 have a weak default password. By default, this is a 6 digit numeric value which can be brute forced. (This is the app_password parameter). Depending on local configuration, this password could be the extension, voicemail, user manager, DPMA or EPM phone admin password. This issue is fixed in versions 16.0.96 and 17.0.10.",
    "published": "2025-12-10T22:43:06.673Z",
    "modified": "2025-12-10T22:43:06.673Z",
    "type": "cve",
    "title": "FreePBX Endpoint Manager's Weak Default Password Allows Unauthenticated Access in Endpoint Module REST API",
    "source": "GitHub_M",
    "references": "https://github.com/FreePBX/security-reporting/security/advisories/GHSA-426v-c5p7-cp29",
    "id": "CVE-2025-67513",
    "bulletinFamily": "",
    "cwe": [
        "CWE-521"
    ],
    "cvelist": null,
    "sourceData": "FreePBX security-reporting < 16.0.96\nFreePBX security-reporting >= 17.0.1, < 17.0.10",
    "sourceHref": "",
    "cvss": {
        "score": 6.9,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "security-reporting",
    "version": "< 16.0.96",
    "vendor": "FreePBX",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

FreePBX Endpoint Manager’s Weak Default Password Allows Unauthenticated Access in Endpoint Module REST API_CVE-2025-67513