Related vulnerability
Title: FreePBX security vulnerability (CVE-2025-57819)
Description: FreePBX (formerly Asterisk Management Portal) is a set of tools from the FreePBX project for configuring Asterisk (an IP telephony system) through a GUI (web-based graphical interface). FreePBX 15.0.66 and versions before 17.0.3 contain a security vulnerability that stems from insufficient sanitization of user data and can lead to unauthenticated access to the administrator interface and remote code execution.
Description
This repository contains a script to check for the current IoCs listed in the FreePBX forum topic for CVE-2025-57819.
Introduction
# CVE-2025-57819-ioc-check
## Description
CVE-2025-57819-ioc-check is a lightweight, efficient tool designed to identify IoCs on FreePBX servers that have the `endpoint` module installed at a version below the patched floor (`endpoint < 15.0.66, endpoint < 16.0.89, endpoint < 17.0.3`).
The script checks multiple IoCs quickly, so that a potential compromise can be detected and the state of your infrastructure confirmed.
## Usage
```bash
curl "https://raw.githubusercontent.com/Sucuri-Labs/CVE-2025-57819-ioc-check/refs/heads/main/check.sh" -o /tmp/check.sh
cat /tmp/check.sh
bash /tmp/check.sh
```
## Mitigation
> Users should upgrade to the latest supported versions of FreePBX (currently 15, 16, and 17) and confirm that the installed "endpoint" module meets the minimum patched versions. Systems not configured for automatic updates, or those wishing to manually update, can do so via the Administrator Control Panel menu Admin -> Module Admin or via the generic command line method of updating all modules:
>
> `$ fwconsole ma upgradeall`
>
> Then checking for the "endpoint" module version number:
>
> `$ fwconsole ma list | grep endpoint`
>
> Further steps, including suggestions for IOC inspection and Firewall configuration, as well as corner-case considerations, are available in the FreePBX Community Forums under the "Security Advisory: Please Lock Down Your Administrator Access" topic at https://community.freepbx.org/t/security-advisory-please-lock-down-your-administrator-access/107203
Source: [Authentication Bypass Leading to SQL Injection and RCE](https://github.com/FreePBX/security-reporting/security/advisories/GHSA-m42g-xg4c-5f3h)
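As an added example (not code from the Sucuri repository or the FreePBX advisory), the following POSIX shell functions turn the manual "check the endpoint version" step above into a repeatable check: they pull the `endpoint` module's version out of `fwconsole ma list` output and compare it against the per-major floors quoted in the advisory. The pipe-separated table layout of the sample listing is an assumption of this example, constructed here rather than captured from a real host.

```shell
# Minimum patched "endpoint" module version per FreePBX major, from the advisory.
min_patched_for_major() {
  case $1 in
    15) echo 15.0.66 ;;
    16) echo 16.0.89 ;;
    17) echo 17.0.3 ;;
    *) return 1 ;;
  esac
}

# Numeric comparison of dotted versions; prints -1, 0 or 1. Missing components
# count as 0, so 17.0.3 equals 17.0.3.0 and is below 17.0.3.1.
vercmp() {
  a=$1 b=$2
  while [ -n "$a" ] || [ -n "$b" ]; do
    x=${a%%.*}; y=${b%%.*}
    case $a in *.*) a=${a#*.} ;; *) a= ;; esac
    case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    x=${x%%[!0-9]*}; y=${y%%[!0-9]*}   # drop non-numeric suffixes such as "beta"
    [ "${x:-0}" -lt "${y:-0}" ] && { echo -1; return 0; }
    [ "${x:-0}" -gt "${y:-0}" ] && { echo 1; return 0; }
  done
  echo 0
}

# Pull the endpoint module's version out of `fwconsole ma list` output on stdin.
# The "| module | version | status | license |" layout is assumed by this example.
endpoint_version() {
  awk -F'|' '$2 ~ /^ *endpoint *$/ { gsub(/ /, "", $3); print $3; exit }'
}

# Exit status: 0 = endpoint at or above its major's patched floor, 1 = below it,
# 2 = no endpoint module listed, 3 = a major with no floor in the advisory.
check_endpoint() {
  ver=$(printf '%s\n' "$1" | endpoint_version)
  [ -n "$ver" ] || return 2
  floor=$(min_patched_for_major "${ver%%.*}") || return 3
  [ "$(vercmp "$ver" "$floor")" -ge 0 ]
}

# Constructed sample listings (not real host output).
SAMPLE_VULNERABLE='| Module   | Version    | Status  | License    |
| core     | 17.0.5.20  | Enabled | GPLv3+     |
| endpoint | 17.0.2.30  | Enabled | Commercial |'
SAMPLE_PATCHED='| endpoint | 17.0.3     | Enabled | Commercial |'

# Check the live host when fwconsole is present, otherwise the constructed sample.
if command -v fwconsole >/dev/null 2>&1; then LISTING=$(fwconsole ma list); else LISTING=$SAMPLE_VULNERABLE; fi
rc=0; check_endpoint "$LISTING" || rc=$?
echo "check_endpoint status: $rc (0 patched, 1 below floor, 2 no endpoint module, 3 no floor for this major)"
```

A non-zero status of 1 is the signal to run `fwconsole ma upgradeall` and re-check; the version comparison alone does not rule out an earlier compromise, which is what the repository's IoC script is for.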
## References
[Security Advisory: Please Lock Down Your Administrator Access](https://community.freepbx.org/t/security-advisory-please-lock-down-your-administrator-access/107203)
[Authentication Bypass Leading to SQL Injection and RCE](https://github.com/FreePBX/security-reporting/security/advisories/GHSA-m42g-xg4c-5f3h)
File snapshot
[4.0K] /data/pocs/a21cc95a7714ef04be0565746a705f9cbd7794fa
├── [1.4K] check.sh
├── [1.0K] LICENSE
└── [1.9K] README.md
0 directories, 3 files