CVE-2025-55211
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-15

Last updated on: 2025-10-17

Assigner: GitHub, Inc.

Description
FreePBX is an open-source web-based graphical user interface. From 17.0.19.11 to before 17.0.21, authenticated users of the Administrator Control Panel (ACP) can run arbitrary shell commands by maliciously changing languages of the framework module. This vulnerability is fixed in 17.0.21.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-15
Last Modified
2025-10-17
Generated
2026-06-16
AI Q&A
2025-09-16
EPSS Evaluated
2026-06-14
NVD
CVE-2025-55211
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
sangoma freepbx From 17.0.19.11 (inc) to 17.0.21 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-78 The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability in FreePBX versions from 17.0.19.11 to before 17.0.21 allows authenticated users of the Administrator Control Panel (ACP) to execute arbitrary shell commands by maliciously changing the languages of the framework module. This means an attacker with ACP access can run commands on the server, potentially compromising the system. The issue is fixed in version 17.0.21.

Impact Analysis

If exploited, this vulnerability can allow an attacker with ACP access to execute arbitrary shell commands on the FreePBX server. This can lead to unauthorized control over the system, data compromise, service disruption, or further attacks within the network.

Mitigation Strategies

Upgrade FreePBX to version 17.0.21 or later, as this version contains the fix for the vulnerability allowing authenticated Administrator Control Panel users to run arbitrary shell commands by changing languages in the framework module.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-55211. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart