Cybersecurity

Freepbx Patches Critical Sqli, File-upload, And Authtype Bypass...

2025-12-15 0 views admin
Freepbx Patches Critical Sqli, File-upload, And Authtype Bypass...

Multiple security vulnerabilities have been disclosed in the open-source private branch exchange (PBX) platform FreePBX, including a critical flaw that could result in an authentication bypass under certain configurations.

The shortcomings, discovered by Horizon3.ai and reported to the project maintainers on September 15, 2025, are listed below -

It's worth mentioning here that the authentication bypass is not vulnerable in the default configuration of FreePBX, given that the "Authorization Type" option is only displayed when the three following values in the Advanced Settings Details are set to "Yes":

However, once the prerequisite is met, an attacker could send crafted HTTP requests to sidestep authentication and insert a malicious user into the "ampusers" database table, effectively accomplishing something similar to CVE-2025-57819, another flaw in FreePBX that was disclosed as having been actively exploited in the wild in September 2025.

"These vulnerabilities are easily exploitable and enable authenticated/unauthenticated remote attackers to achieve remote code execution on vulnerable FreePBX instances," Horizon3.ai security researcher Noah King said in a report published last week.

The issues have been addressed in the following versions -

In addition, the option to choose an authentication provider has now been removed from Advanced Settings and requires users to set it manually through the command-line using fwconsole. As temporary mitigations, FreePBX has recommended that users set "Authorization Type" to "usermanager," set "Override Readonly Settings" to "No," apply the new configuration, and reboot the system to disconnect any rogue sessions.

"If you did find that web server AUTHTYPE was enabled inadvertently, then you should fully analyze your system for signs of any potential compromise," it said.

Users are also displayed a warning on the dashboard, stating "webserver" may offer reduced security compared to "usermanager." For optimal protection, it's advised to avoid using this authentication type.

"It's important to note that the underlying vulnerable code is still present and relies on authentication layers in front to provide security and access to the FreePBX instance," King said. "It still requires passing an Authorization header with a Basic base64 encoded username:password."

Source: The Hacker News

🏷️ Tags

securitycveattackexploit

More from Cybersecurity

Soundcloud Confirms Breach After Member Data Stolen, VPN Access...

Soundcloud Confirms Breach After Member Data Stolen, VPN Access...

2025-12-16 0
Google Is Shutting Down Its Dark Web Report Feature In January

Google Is Shutting Down Its Dark Web Report Feature In January

2025-12-15 0
Askul Confirms Theft Of 740k Customer Records In Ransomware Attack

Askul Confirms Theft Of 740k Customer Records In Ransomware Attack

2025-12-15 0
New Santastealer Malware Steals Data From Browsers, Crypto Wallets

New Santastealer Malware Steals Data From Browsers, Crypto Wallets

2025-12-15 0

Trending

1

CVE-2025-61481: Critical Remote Code Execution Vulnerability in MikroTik RouterOS & SwitchOS

2025-10-27 • 189 views
2

CVE-2025-43939: Dell Unity OS Command Injection (High)

2025-10-30 • 148 views
3

Google disputes false claims of massive Gmail data breach

2025-10-30 • 130 views
4

Microsoft: DNS outage impacts Azure and Microsoft 365 services

2025-10-30 • 88 views
5

3.5B Accounts, 1 Critical Flaw: Meta Closes WhatsApp Data-Harvesting

2025-11-25 • 81 views