CVE-2025-64328

HIGH CISA KEV EPSS 99.7%

Published Nov 7, 20257mo ago · Modified Jun 17, 20261w ago

8.6 CVSS 4.0

High

Find Similar

Published Nov 7, 2025 7mo ago

Last Modified Jun 17, 2026 1w ago

KEV Listed Feb 3, 2026 4mo ago

KEV Due Feb 24, 2026 126d overdue

Description

FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. In versions 17.0.2.36 and above before 17.0.3, the filestore module within the Administrative interface is vulnerable to a post-authentication command injection by an authenticated known user via the testconnection -> check_ssh_connect() function. An attacker can leverage this vulnerability to obtain remote access to the system as an asterisk user. This issue is fixed in version 17.0.3.

CVSS Details

Base Score

8.6

Exploitability

—

Impact

—

Vector string

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector Network

Attack Complexity Low

Privileges Required High

User Interaction None

Scope X

Threat Intelligence

CISA Known Exploited Overdue 126d

Added: Feb 3, 2026
Due: Feb 24, 2026

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

EPSS Exploit Probability

99.7% percentile

Exploit & Patch Status

Actively Exploited (KEV)

No Patch Available

Weaknesses 1

CWE-78 OS Command Injection Injection

Affected Products 1

Vendor	Product	Version	Range
sangoma	filestore	*	≥17.0.2.36 – <17.0.3

References 5

github.com https://github.com/FreePBX/filestore/blob/f0e3983059271efd80b483ec823310ef19a59013/drivers/SSH/testconnection.php#L2

Product
github.com https://github.com/FreePBX/security-reporting/security/advisories/GHSA-vm9p-46mv-5xvw

Vendor AdvisoryMitigation
cisa.gov https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-64328

Third Party AdvisoryUS Government Resource
fortinet.com https://www.fortinet.com/blog/threat-research/unveiling-the-weaponized-web-shell-encystphp

ExploitThird Party Advisory
freepbx.org https://www.freepbx.org/watch-what-we-do-with-security-fixes-%f0%9f%91%80

Vendor Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.