Multiple vulnerabilities have been identified in the open-source FreePBX platform, including a critical authentication bypass and security flaws that could lead to remote code execution. These issues have been patched in recent versions, but users are advised to follow specific best practices for mitigation. #FreePBX #AuthBypass
Keypoints
- A critical vulnerability in FreePBX allows an attacker to bypass authentication under certain configurations.
- Several other flaws include SQL injection and file upload vulnerabilities that can lead to arbitrary command execution.
- The authentication bypass is inactive in default setups but can be exploited if specific settings are enabled.
- The vulnerabilities have been addressed in versions 16.0.92, 17.0.6, 16.0.44, and 17.0.23 released in late 2025.
- Users are advised to reconfigure settings to use βusermanagerβ authentication type and avoid βwebserverβ for better security.
Read More: https://thehackernews.com/2025/12/freepbx-authentication-bypass-exposed.html