FreePBX, when restapps (aka Rest Phone Apps) 15.0.19.87, 15.0.19.88, 16.0.18.40, or 16.0.18.41 is installed, allows remote attackers to execute arbitrary code, as exploited in the wild in December 2021. The fixed versions are 15.0.20 and 16.0.19.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HSangoma Freepbx
APPSangomawszystkie wersjeSangoma Pbxact
APPSangomawszystkie wersjeSangoma Restapps
APPSangoma15.0.19.8715.0.19.8816.0.18.4016.0.18.41
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCE
References
Related vulnerabilities
CVE-2025-57819CRITICAL10.0⚠ KEVPL ✓ten sam produkt
Krytyczna podatność RCE i SQL injection w Sangoma FreePBX (bez uwierzytelnienia)
CVE-2019-19006CRITICAL9.8⚠ KEVten sam produkt
Sangoma FreePBX 115.0.16.26 and below, 14.0.13.11 and below, 13.0.197.13 and below have Incorrect Access Contr...
CVE-2026-46376CRITICAL9.3PL ✓ten sam produkt
FreePBX UCP: dostęp bez uwierzytelnienia przez wbudowane dane logowania
CVE-2025-66039CRITICAL9.3PL ✓ten sam produkt
FreePBX Endpoint Manager — pominięcie uwierzytelnienia (Auth Bypass)
CVE-2020-10666CRITICAL9.8ten sam produkt
The restapps (aka Rest Phone apps) module for Sangoma FreePBX and PBXact 13, 14, and 15 through 15.0.19.2 allo...