
CVE-2025-64328 Scanner - Command Injection vulnerability in FreePBX

Short Info

Level: High
Scan mode: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 22 days 4 hours
Scan only one: URL


FreePBX is a widely used open-source telephony management platform that IT teams and organizations use to run their communications systems. It is deployed wherever a full-featured IP-PBX is required and provides VoIP (Voice over IP) services such as call routing, voicemail and conferencing. It scales from small businesses to large enterprises and supports a wide range of network configurations. Because it integrates with many telephony hardware and software products and allows extensive customization through modules and plugins, FreePBX is a popular choice in telecommunications and lets organizations tailor telephony services to their specific needs.

A command injection vulnerability in FreePBX lets an attacker execute arbitrary operating-system commands within the vulnerable application. It arises from improper input validation: user-supplied input reaches a system interface without adequate sanitization, so specially crafted input sent to the vulnerable endpoint is interpreted as part of a command rather than as data. Command injection is critical because successful exploitation can lead to full system compromise. The flaw typically sits in backend code where user input is not properly sanitized or validated, and exploiting it allows attackers to make the system perform actions it was never meant to.

In FreePBX Endpoint Manager the vulnerability lies in a command execution path within the filestore module, specifically in the testconnection check_ssh_connect() function, where improper sanitization lets an attacker inject arbitrary commands. Exploitation requires authentication: an authenticated user supplies maliciously crafted parameters to this function. The affected surface is the SSH driver, where malicious input bypasses the restrictions intended for the SSH connection parameters. By abusing this administrative functionality, an authenticated attacker gains command execution on the PBX host.
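A hardened way to implement an SSH connection test of the kind check_ssh_connect() performs, as an added example that is not FreePBX code: each connection parameter is validated against a strict allow-list and handed to ssh as a separate argument, so no shell ever parses user input. The function and parameter names (sshConnectTest, validateSshParams, host/user/port) are assumptions, and the array form of proc_open requires PHP 7.4 or later.

```php
<?php
// Added example, not FreePBX code: a hypothetical SSH connection test that
// never lets user-supplied parameters reach a shell. Requires PHP >= 7.4
// (array form of proc_open runs the program directly, without /bin/sh).

function validateSshParams(array $p): array
{
    $host = (string)($p['host'] ?? '');
    $user = (string)($p['user'] ?? '');
    $port = (string)($p['port'] ?? '22');

    // Allow-list the characters of each field so shell metacharacters
    // (;, |, &, $, backticks, newlines) can never be part of a value.
    if (!preg_match('/^[A-Za-z0-9][A-Za-z0-9.-]{0,252}$/', $host)) {
        throw new InvalidArgumentException('invalid host');
    }
    if (!preg_match('/^[a-z_][a-z0-9_-]{0,31}$/', $user)) {
        throw new InvalidArgumentException('invalid user');
    }
    // The first-character rules above also reject values starting with '-',
    // so a field can never be parsed by ssh as a command-line option.
    if (!ctype_digit($port) || (int)$port < 1 || (int)$port > 65535) {
        throw new InvalidArgumentException('invalid port');
    }
    return ['host' => $host, 'user' => $user, 'port' => $port];
}

function sshConnectTest(array $params): bool
{
    $v = validateSshParams($params);
    // Each argument is its own array element: no string concatenation,
    // no escapeshellarg() to get wrong, no shell to re-parse the line.
    $cmd = [
        'ssh', '-p', $v['port'],
        '-o', 'BatchMode=yes',        // never prompt for a password
        '-o', 'ConnectTimeout=5',
        $v['user'] . '@' . $v['host'],
        'true',                       // remote command: succeed and exit
    ];
    $spec = [0 => ['file', '/dev/null', 'r'], 1 => ['pipe', 'w'], 2 => ['pipe', 'w']];
    $proc = proc_open($cmd, $spec, $pipes);
    if (!is_resource($proc)) {
        return false;
    }
    stream_get_contents($pipes[1]);   // drain so ssh cannot block on a full pipe
    stream_get_contents($pipes[2]);
    fclose($pipes[1]);
    fclose($pipes[2]);
    return proc_close($proc) === 0;   // exit status 0 means the login succeeded
}
```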

If exploited, this command injection vulnerability allows attackers to execute arbitrary commands on the FreePBX host, which can lead to unauthorized access to sensitive data, disruption of telephony service, or complete system takeover. The low effort required to exploit it, combined with the high potential impact on system integrity, makes it a critical vulnerability. A compromised PBX can serve as a foothold for further attacks, including data exfiltration, malware deployment and lateral movement within the network, with service outages and data breaches as the likely operational consequences. Prompt remediation and mitigation are essential.
