← Back

CVE-2025-59056

nvd nist
Published: Sep 15, 2025Modified: Oct 17, 2025

JSON object

Loading...
6.6
Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:D/RE:L/U:Red
Show more
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:D/RE:L/U:RedShow less
Source: security-advisories@github.com (Secondary)

Description

FreePBX is an open-source web-based graphical user interface. In FreePBX 15, 16, and 17, malicious connections to the Administrator Control Panel web interface can cause the uninstall function to be triggered for certain modules. This function drops the module's database tables, which is where most modules store their configuration. This vulnerability is fixed in 15.0.38, 16.0.41, and 17.0.21.

Affected (3)

Products: Sangoma: Freepbx
Sangoma
1 product
Freepbx
Configuration A
3 vulnerable
Vulnerable SoftwareAffected Versions
Sangoma
Freepbx
From 15.0 to 15.0.38
Freepbx
From 16.0 to 16.0.41
Freepbx
From 17.0 to 17.0.21

Related CWEs

CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

References (2)

Source: security-advisories@github.com
Product
Source: security-advisories@github.com
MitigationThird Party Advisory

Timeline

No history available yet.