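PoC details: b555ef5c38c4cf0b4ff68f76f3c48b5d4d3e2b43

Source
Related vulnerability
Title: FreePBX security vulnerability (CVE-2025-57819)
Description: FreePBX (formerly Asterisk Management Portal) is a tool from the FreePBX project for configuring Asterisk (an IP telephony system) through a web-based GUI. A security vulnerability exists in FreePBX version 15.0.66 and versions before 17.0.3. It stems from insufficient sanitization of user data and may lead to unauthenticated access to the administrator interface and remote code execution.
Description
CVE-2025-57819
Introduction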
# 🚨 CVE-2025-57819 — Critical FreePBX Vulnerability

### 🔎 Overview

* Affects **FreePBX 15, 16, and 17** (endpoint modules).
* Cause: **Improper sanitization of user input** → leads to **authentication bypass + SQL injection → possible Remote Code Execution (RCE)**.
* **Severity**:

  * CVSS v4: 🔴 **10.0 (Critical)**
  * CVSS v3.1: 🔴 **9.8 (Critical)**
  * CVSS v2: 🔴 **10.0 (Critical)**
* **Actively exploited in the wild** since late **August 2025**.

---

### 📅 Timeline

* **Before Aug 21, 2025** → Attacks observed in the wild.
* **Aug 28, 2025** → FreePBX issued a public security advisory.
* **Aug 29, 2025** → CISA added it to the **Known Exploited Vulnerabilities** list (patch deadline: Sep 19, 2025).
* **Sep 2, 2025** → NVD published full details.

---

### ⚠️ Affected Versions

* **Vulnerable**:

  * FreePBX < 15.0.66
  * FreePBX < 16.0.89
  * FreePBX < 17.0.3
* **Fixed in**:

  * 15.0.66
  * 16.0.89
  * 17.0.3

---

### 🕵️ Indicators of Compromise (IoCs)

Check your system for:

* Missing or modified **`/etc/freepbx.conf`**
* Suspicious script **`/var/www/html/.clean.sh`**
* Strange POST requests to **`modular.php`**
* Calls to extension **9998** in logs
* Unknown or shady **`ampusers`** database entries
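
A read-only check for the file and log indicators above, added here as an example; it is not part of the original README or of the FreePBX project. The default log paths and the `[9998@` dialplan log pattern are assumptions about a typical install, and the `ampusers` review needs a database query, so it is left out.

```shell
#!/bin/sh
# Added example: read-only triage for the file and log IoCs listed above.
# Usage: check_iocs [ROOT] [ACCESS_LOG] [ASTERISK_LOG]
#   ROOT is "" for the live system, or a mounted disk image / test tree.
#   The default log paths are assumptions; pass the ones your install uses.
check_iocs() {
    root="${1:-}"
    access_log="${2:-$root/var/log/httpd/access_log}"   # assumed location
    asterisk_log="${3:-$root/var/log/asterisk/full}"    # assumed location
    IOC_HITS=0

    # /etc/freepbx.conf missing. If present, show mtime/owner so it can be
    # compared with a known-good backup (modification needs a manual diff).
    if [ -f "$root/etc/freepbx.conf" ]; then
        ls -l "$root/etc/freepbx.conf"
    else
        echo "[!] missing: $root/etc/freepbx.conf"; IOC_HITS=$((IOC_HITS + 1))
    fi

    # Suspicious script in the web root.
    if [ -e "$root/var/www/html/.clean.sh" ]; then
        echo "[!] present: $root/var/www/html/.clean.sh"; IOC_HITS=$((IOC_HITS + 1))
    fi

    # POST requests to modular.php in the web server access log.
    if [ -r "$access_log" ]; then
        n=$(grep -c '"POST [^"]*modular\.php' "$access_log" || true)
        if [ "$n" -gt 0 ]; then
            echo "[!] $n POST request(s) to modular.php in $access_log"
            IOC_HITS=$((IOC_HITS + 1))
        fi
    else
        echo "[?] cannot read $access_log, check it by hand"
    fi

    # Dialplan executions for extension 9998 ("Executing [9998@context:prio]").
    if [ -r "$asterisk_log" ]; then
        n=$(grep -c -F '[9998@' "$asterisk_log" || true)
        if [ "$n" -gt 0 ]; then
            echo "[!] $n call(s) to extension 9998 in $asterisk_log"
            IOC_HITS=$((IOC_HITS + 1))
        fi
    else
        echo "[?] cannot read $asterisk_log, check it by hand"
    fi
    echo "IoC categories matched: $IOC_HITS"
}

check_iocs "$@"
```

Rotated or compressed logs are not searched; rerun with each older log file passed as the second or third argument.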

---

### 🛡️ Mitigation Steps

1. **Patch immediately** ⬆️ to the fixed versions.
2. **Restrict access** 🔒 — block public exposure of the FreePBX admin panel.
3. **Monitor logs** 📜 — look for IoCs above.
4. **Rebuild & reset credentials** 🔑 if compromise suspected (use backups from before Aug 21, 2025).
5. **Follow CISA guidance** if under U.S. federal compliance.

---

### ✅ Key Takeaway

This is a **critical, actively exploited zero-day**. If your FreePBX is internet-exposed and not patched, **assume compromise**. Patch now, lock down access, and investigate thoroughly.

---

### 🖥️ How do I run this script?

1 - Install Nuclei on Kali Linux:
```
┌──(kali㉿kali)-[~]
└─$ sudo apt install nuclei
```

2 - Copy the template to your local system

3 - Run the following command:

```
nuclei -u https://yourHost.com -t CVE-2025-57819.yaml
```

---

### ⚙️ Usage:

```
┌──(kali㉿kali)-[~]
└─$ sudo python3 Blackash-CVE-2025-57819 10.10.10.10
```

<img width="1197" height="496" alt="bug2" src="https://github.com/user-attachments/assets/ceab5888-ee4f-414a-9ad5-de491b2c91e4" />


---


### ⚠️ Disclaimer:

The information provided here about FreePBX, CVEs, ports, and security practices is for **educational and informational purposes only**. It is **not professional security advice**. Any actions you take based on this information are **at your own risk**.

You should:

* Always follow official vendor documentation and advisories.
* Apply patches and updates directly from the FreePBX/Asterisk project.
* Consult with a qualified cybersecurity professional before making security or configuration changes in production environments.

I do **not guarantee completeness or accuracy**, especially since vulnerabilities and mitigations evolve quickly.

---


File snapshot

```
[4.0K] /data/pocs/b555ef5c38c4cf0b4ff68f76f3c48b5d4d3e2b43
├── [ 14K] Blackash-CVE-2025-57819
├── [1.1K] CVE-2025-57819.yaml
└── [3.0K] README.md

0 directories, 3 files
```