CVE-2025-64328

Name: CVE-2025-64328
Creator: NVD / NIST
Published: 2025-11-07T04:15:47.397+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

HIGHCVSS 8.6/10Actively ExploitedEPSS 84.42%

Last modified Jun 17, 2026

CVE-2025-64328 is a high-severity vulnerability rated 8.6/10 on the CVSS scale. FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. In versions 17.0.2.36 and above before 17.0.3, the filestore module within the Administrative interface is vulnerable to a post-authentication command injection by an authenticated known user via the testconnection -> check_ssh_connect() function. CISA has confirmed active exploitation in the wild. EPSS estimates a 84.42% chance of exploitation in the next 30 days.

Description

FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. In versions 17.0.2.36 and above before 17.0.3, the filestore module within the Administrative interface is vulnerable to a post-authentication command injection by an authenticated known user via the testconnection -> check_ssh_connect() function. An attacker can leverage this vulnerability to obtain remote access to the system as an asterisk user. This issue is fixed in version 17.0.3.

Metrics

CVSS 3.1

7.2/10

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CVSS 4.0

8.6/10

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

EPSS Probability

84.42%

99.7th percentile

Probability of exploitation in the next 30 days. Learn more

Exploitation Status

This vulnerability is listed in CISA’s Known Exploited Vulnerabilities catalog, confirming active exploitation in the wild. Federal agencies must remediate by Feb 24, 2026.

Weakness Enumeration

CWE-78

Affected Software

Vendor	Product	Versions
Sangoma	Filestore	>= 17.0.2.36, < 17.0.3

References

https://github.com/FreePBX/filestore/blob/f0e3983059271efd80b483ec823310ef19a59013/drivers/SSH/testconnection.php#L2Product
https://github.com/FreePBX/security-reporting/security/advisories/GHSA-vm9p-46mv-5xvwVendor Advisory, Mitigation
https://www.freepbx.org/watch-what-we-do-with-security-fixes-%f0%9f%91%80Vendor Advisory
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-64328Third Party Advisory, US Government Resource
https://www.fortinet.com/blog/threat-research/unveiling-the-weaponized-web-shell-encystphpExploit, Third Party Advisory

Timeline

Published: Nov 7, 2025
Last Modified: Jun 17, 2026
Status: Analyzed

Frequently Asked Questions

What is CVE-2025-64328?

How severe is CVE-2025-64328?

CVE-2025-64328 has a CVSS score of 8.6/10 (HIGH severity). The EPSS model estimates a 84.42% probability of exploitation in the next 30 days. This vulnerability is listed in CISA's Known Exploited Vulnerabilities catalog.

How do I fix CVE-2025-64328?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2025-64328?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST