FreePBX SQL Injection Vulnerability Exposes Systems to Attack

FreePBX, a widely used open-source PBX platform, has been found vulnerable to a critical SQL injection flaw. The vulnerability allows attackers to execute arbitrary SQL commands against the backend database, potentially leading to unauthorized data access, system compromise, and disruption of telephony services. It stems from insufficient input validation in the FreePBX web interface, which attackers can abuse to manipulate backend databases. Organizations running FreePBX are urged to apply the security patches immediately and to put robust monitoring in place to detect suspicious activity. The incident underscores the need to secure VoIP infrastructure against injection attacks, which remain a common threat vector in telecommunications environments. The FreePBX community and security teams are working on mitigations and updates to prevent exploitation. Users should also review their system logs and access controls to limit exposure. Staying informed about vulnerabilities of this kind is essential for maintaining operational integrity and protecting sensitive communication data.

This Cyber News was published on cybersecuritynews.com. Publication date: Thu, 09 Oct 2025 00:15:13 +0000


Cyber News related to FreePBX SQL Injection Vulnerability Exposes Systems to Attack

CVE-2025-59429 - FreePBX is an open source GUI for managing Asterisk. In versions prior to 16.0.68.39 for FreePBX 16 and versions prior to 17.0.18.38 for FreePBX 17, a reflected cross-site scripting vulnerability is present on the Asterisk HTTP Status page. The ...
3 weeks ago
CVE-2025-61675 - FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. In versions prior to 16.0.92 for FreePBX 16 and versions prior to 17.0.6 for FreePBX 17, the Endpoint Manager module contains authenticated SQL injection ...
3 weeks ago
CVE-2025-61678 - FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. In versions prior to 16.0.92 for FreePBX 16 and versions prior to 17.0.6 for FreePBX 17, the Endpoint Manager module contains an authenticated arbitrary file ...
3 weeks ago
FreePBX servers hacked via zero-day, emergency fix released - FreePBX, a widely used open-source PBX platform, recently faced a critical security incident where attackers exploited a zero-day vulnerability to compromise servers. This vulnerability allowed unauthorized access and control over affected systems, ...
2 months ago Bleepingcomputer.com CVE-2023-3519
Attack Vector vs Attack Surface: The Subtle Difference - Cybersecurity discussions about "Attack vectors" and "Attack surfaces" sometimes use these two terms interchangeably. This article guides you through the distinctions between attack vectors and attack surfaces to help you better understand the two ...
2 years ago Trendmicro.com
IT and OT cybersecurity: A holistic approach - In comparison, OT refers to the specialized systems that control physical processes and industrial operations. OT Technologies include industrial control systems, SCADA systems and programmable logic controllers that directly control physical ...
1 year ago Securityintelligence.com
The Embedded Systems and The Internet of Things - The Internet of Things is a quite new concept dealing with the devices being connected to each other and communicating through the web environment. This concept is gaining its popularity amongst the embedded systems that exist - let's say - 10 or ...
1 year ago Cyberdefensemagazine.com
9 Best DDoS Protection Service Providers for 2024 - eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More. One of the most powerful defenses an organization can employ against distributed ...
1 year ago Esecurityplanet.com
Creating a New Market for Post-Quantum Cryptography - A day in the busy life of any systems integrator includes many actions that revolve around the lifeblood of its business - its customers. Systems integrators help solve evolving customer business challenges, which in turn adds partner value. It's a ...
1 year ago Securityboulevard.com
Detecting Vulnerability Scanning Traffic From Underground Tools Using Machine Learning - Our structured query language (SQL) injection detection model detected triggers containing unusual patterns that did not correlate to any known open-source or commercial automated vulnerability scanning tool. We have tested all malicious payloads ...
1 year ago Unit42.paloaltonetworks.com
FreePBX Servers Targeted by Zero-Day Exploit in the Wild - FreePBX, a widely used open-source PBX platform, has been targeted by a critical zero-day vulnerability actively exploited by attackers. This vulnerability allows remote code execution, putting thousands of servers at risk globally. The exploit ...
2 months ago Thehackernews.com
FreePBX Servers Hacked in 0-Day Attack - FreePBX, a widely used open-source PBX software, has been targeted in a recent zero-day attack that compromised numerous servers globally. The attackers exploited an unpatched vulnerability to gain unauthorized access, leading to potential data ...
2 months ago Cybersecuritynews.com CVE-2023-38831
Forget Deepfakes or Phishing: Prompt Injection is GenAI's Biggest Problem - Cybersecurity professionals and technology innovators need to be thinking less about the threats from GenAI and more about the threats to GenAI from attackers who know how to pick apart the design weaknesses and flaws in these systems. Chief among ...
1 year ago Darkreading.com
Cybersecurity In Critical Infrastructure: Protecting Power Grids and Smart Grids - Cyber Defense Magazine - Network Intrusion: Network communication systems of power and smart grids can be intruded through weak security configurations like default password, unsecured remote access, or unpatched systems and other vulnerabilities to gain control into the ...
1 year ago Cyberdefensemagazine.com
Optimizing Cybersecurity: How Hackers Use Golang Source Code Interpreter to Evade Detection - Hackers have been upping the stakes when it comes to executing cyberattacks, and an increasingly popular tool in their arsenal is the Golang source code interpreter. Reportedly, the interpreter is used to obfuscate code, thus making it harder for ...
2 years ago Bleepingcomputer.com
CVE-2024-53564 - A serious vulnerability was discovered in FreePBX 17.0.19.17. FreePBX does not verify the type of uploaded files and does not restrict user access paths, allowing attackers to remotely control the FreePBX server by uploading malicious files with ...
11 months ago
CVE-2025-57819 - FreePBX is an open-source web-based graphical user interface. FreePBX 15, 16, and 17 endpoints are vulnerable due to insufficiently sanitized user-supplied data allowing unauthenticated access to FreePBX Administrator leading to arbitrary database ...
2 months ago
SQL Injection Vulnerability Patched in Tutor LMS WordPress Plugin - On February 15th, 2024, during our second Bug Bounty Extravaganza, we received a submission for an authenticated SQL Injection vulnerability in Tutor LMS, a WordPress plugin with more than 80,000+ active installations. Props to Muhammad Hassham ...
1 year ago Wordfence.com
7 Best Attack Surface Management Software for 2024 - Attack surface management is a relatively new cybersecurity technology that combines elements of vulnerability management and asset discovery with the automation capabilities of breach and attack simulation and applies them to an organization's ...
1 year ago Esecurityplanet.com
Openssh Flaw Exposes Millions of Linux to Arbitrary Code Attacks - A critical vulnerability has been discovered in OpenSSH, a widely used implementation of the SSH protocol, which could potentially expose millions of Linux systems to arbitrary code execution attacks. The flaw, identified in the sshd(8) component of ...
1 year ago Cybersecuritynews.com
Preparing for Q-Day as NIST nears approval of PQC standards - Q-Day-the day when a cryptographically relevant quantum computer can break most forms of modern encryption-is fast approaching, leaving the complex systems our societies rely on vulnerable to a new wave of cyberattacks. While estimates just a few ...
1 year ago Helpnetsecurity.com
Smart Home Security Essentials: Protecting What Matters Most - Smart home security systems provide homeowners with the ability to keep their personal and property safe from intruders, theft, and other potential threats. This article will discuss different types of smart home security systems, benefits, setting ...
1 year ago Securityzap.com
Rogue AI: What the Security Community is Missing | Trend Micro (US) - Are threat actors, or Malicious Rogue AI, targeting your AI systems to create subverted Rogue AI? Are they targeting your enterprise in general? And are they using your resources, their own, or a proxy whose AI has been subverted. The truth is that ...
1 year ago Trendmicro.com