CVE-2025-55739
BaseFortify
Publication date: 2025-09-05
Last updated on: 2025-09-05
Assigner: GitHub, Inc.
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Affected Versions | Fixed In |
|---|---|---|---|
| freepbx | freepbx (api module) | lower than 15.0.13 | 15.0.13 |
| freepbx | freepbx (api module) | 16.0.2 through 16.0.14 | 16.0.15 |
| freepbx | freepbx (api module) | 17.0.1 through 17.0.2 | 17.0.3 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-798 | The product contains hard-coded credentials, such as a password or cryptographic key. |
| CWE-522 | The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-55739 is a vulnerability in the FreePBX api module: systems installed from the same FreePBX RPM or DEB package ended up with an identical OAuth private key, the key the module uses to sign the JSON Web Tokens (JWTs) that authenticate API clients. Because that key is the same on every system built from the package, obtaining it from any one of them is enough to forge JWTs that every other such system accepts, which bypasses authentication and grants full access to both the REST and GraphQL APIs. The issue affects api module versions prior to 15.0.13, 16.0.15, and 17.0.3, and only applies to systems where the api module is enabled and configured to accept remote inbound connections. [2]
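The failure mode above, shown as an added illustration (not FreePBX code and not taken from the advisory): two hosts built from one package hold the same signing key, so a token minted with that key on host A verifies on host B, while a host that generated its own key rejects it. To keep the script dependency-free it uses textbook RSA over a small modulus with no padding, which is a toy and not a secure signature scheme; the real api module uses a proper OAuth key pair, but the trust relationship is the same: whoever holds the private key can sign, and whoever holds the matching public key will accept.

```python
"""Why a signing key shared by every install lets anyone holding it mint
tokens that all of those installs accept.

Added illustration, not FreePBX code. Textbook RSA with a ~60-bit modulus
and no padding is used so the script runs with the standard library only;
it is NOT a secure signature scheme, and the token is only JWT-shaped.
"""
from __future__ import annotations

import base64
import hashlib
import json

# Small known primes so the script runs instantly; real keys are random and
# thousands of bits long. The second pair stands in for a key that host B
# generated itself at install time (assumed values for the demo).
PRIMES_SHIPPED_IN_PACKAGE = (1_000_000_007, 998_244_353)
PRIMES_GENERATED_ON_HOST_B = (1_000_000_009, 999_999_937)
E = 65537


def keygen(p: int, q: int) -> tuple[dict, dict]:
    """Return (public, private) textbook-RSA keys built from primes p and q."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))
    return {"n": n, "e": E}, {"n": n, "d": d}


def _b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _digest(signing_input: bytes, n: int) -> int:
    """SHA-256 of header.payload, reduced into the RSA group (no padding)."""
    return int.from_bytes(hashlib.sha256(signing_input).digest(), "big") % n


def mint_token(private_key: dict, claims: dict) -> str:
    """Build header.payload.signature, signed with the private key."""
    header = _b64url(json.dumps({"alg": "RS256-toy", "typ": "JWT"}).encode())
    payload = _b64url(json.dumps(claims, sort_keys=True).encode())
    signing_input = f"{header}.{payload}".encode()
    sig = pow(_digest(signing_input, private_key["n"]), private_key["d"], private_key["n"])
    return f"{header}.{payload}.{_b64url(sig.to_bytes(8, 'big'))}"


def verify_token(public_key: dict, token: str) -> dict | None:
    """Return the claims if the signature checks under public_key, else None."""
    header, payload, sig_b64 = token.split(".")
    signing_input = f"{header}.{payload}".encode()
    sig = int.from_bytes(_b64url_decode(sig_b64), "big")
    if pow(sig, public_key["e"], public_key["n"]) != _digest(signing_input, public_key["n"]):
        return None
    return json.loads(_b64url_decode(payload))


ATTACKER_CLAIMS = {"sub": "attacker", "scope": "rest graphql", "role": "admin"}


def shared_key_install() -> bool:
    """Vulnerable packaging: hosts A and B were installed from the same package
    and hold the same key pair. The attacker extracts the private key from A
    (which may be their own install) and presents a self-minted token to B.
    Returns True if B accepts it."""
    pub_a, priv_a = keygen(*PRIMES_SHIPPED_IN_PACKAGE)
    pub_b = pub_a  # identical key on every system built from the package
    forged = mint_token(priv_a, ATTACKER_CLAIMS)
    return verify_token(pub_b, forged) is not None


def unique_key_install() -> bool:
    """Fixed packaging: B generated its own key pair at install time, so a token
    signed with A's key does not verify. Returns True if B accepts it."""
    pub_a, priv_a = keygen(*PRIMES_SHIPPED_IN_PACKAGE)
    pub_b, _priv_b = keygen(*PRIMES_GENERATED_ON_HOST_B)
    forged = mint_token(priv_a, ATTACKER_CLAIMS)
    return verify_token(pub_b, forged) is not None


if __name__ == "__main__":
    print("shared key, forged token accepted by B:", shared_key_install())
    print("unique key, forged token accepted by B:", unique_key_install())
```

Note that publishing the public key is not the problem; the defect is that the private half was the same everywhere, so the usual assumption "only this host can sign" did not hold.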
How can this vulnerability impact me?
An attacker holding the shared OAuth private key can bypass authentication and gain full access to the FreePBX API, both the REST and GraphQL interfaces. With that access they could control the PBX remotely: change its configuration, add or alter users, extensions and trunks, intercept or redirect calls, and read sensitive telephony data. The attack requires low privileges and no user interaction, so it is straightforward to exploit once the key is in hand, and it poses a high risk to the confidentiality, integrity, and availability of the affected system. [2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection has two parts. First, confirm whether the api module is installed, enabled, and at a vulnerable version: on the PBX, `fwconsole ma list` prints every module with its version and status, and the vulnerable api module versions are those lower than 15.0.13, 16.0.2 through 16.0.14, and 17.0.1 through 17.0.2. Exposure also requires the API to be configured for remote inbound connections, which is set in the api module itself, not in the module list. Second, look for evidence that forged tokens were used: review the FreePBX API logs for tokens or clients you do not recognise, and audit for unknown users, extensions, trunks, or call records. Because every system installed from the same package holds the same key, comparing the api module's private key across two such systems is a quick confirmation: identical keys mean the exposure is real. The advisory provides no dedicated detection command beyond these version and log checks. [2]
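The version check from the answer above, as an added example that is not FreePBX or advisory code. It parses a module listing for the api row and compares its version against the ranges this page lists. On a live system the listing comes from `fwconsole ma list`; the sample text here is constructed in the general shape of that output, and the exact column layout is an assumption, so adjust `ROW` if your output differs. Whether the API accepts remote inbound connections is not visible in the listing and must be checked separately in the api module settings.

```python
"""Flag an api module version in the ranges this page lists as vulnerable
(lower than 15.0.13, 16.0.2 through 16.0.14, 17.0.1 through 17.0.2).

Added example, not FreePBX or advisory code. SAMPLE_LISTING is constructed
in the general shape of `fwconsole ma list` output; the column layout is an
assumption.
"""
from __future__ import annotations

import re

# (first affected, first fixed): vulnerable if first_affected <= v < first_fixed.
# The half-open upper bound keeps four-part versions such as 16.0.14.2 inside
# the 16.x range, which a closed "through 16.0.14" comparison would miss.
AFFECTED_RANGES = [
    ((0,), (15, 0, 13)),
    ((16, 0, 2), (16, 0, 15)),
    ((17, 0, 1), (17, 0, 3)),
]

# Matches a table row such as "| api | 16.0.14 | Enabled | GPLv3+ |".
# Header and separator rows do not match because the second cell is not numeric.
ROW = re.compile(r"^\|\s*(\S+)\s*\|\s*([\d.]+)\s*\|\s*(\w+)\s*\|")


def parse_version(text: str) -> tuple[int, ...]:
    """'16.0.14.2' -> (16, 0, 14, 2); tuples compare component-wise."""
    return tuple(int(part) for part in text.strip().split("."))


def fixed_version_for(version: str) -> str | None:
    """Return the first fixed release if `version` is vulnerable, else None."""
    v = parse_version(version)
    for first_affected, first_fixed in AFFECTED_RANGES:
        if first_affected <= v < first_fixed:
            return ".".join(map(str, first_fixed))
    return None


def is_vulnerable(version: str) -> bool:
    return fixed_version_for(version) is not None


def audit_module_list(listing: str) -> list[dict]:
    """Return one finding per api module row found in the listing."""
    findings = []
    for line in listing.splitlines():
        m = ROW.match(line)
        if not m:
            continue
        name, version, status = m.groups()
        if name != "api":
            continue
        findings.append({
            "version": version,
            "enabled": status.lower() == "enabled",
            "vulnerable": is_vulnerable(version),
            "fixed_in": fixed_version_for(version),
        })
    return findings


# Constructed sample in the shape of `fwconsole ma list`; not from a real system.
SAMPLE_LISTING = """\
+-----------------+----------+----------+---------+
| Module          | Version  | Status   | License |
+-----------------+----------+----------+---------+
| api             | 16.0.14  | Enabled  | GPLv3+  |
| core            | 16.0.68  | Enabled  | GPLv3+  |
| arimanager      | 16.0.3   | Disabled | GPLv3+  |
+-----------------+----------+----------+---------+
"""

if __name__ == "__main__":
    for finding in audit_module_list(SAMPLE_LISTING):
        print(finding)
```

A finding with `enabled` true and `vulnerable` true is the case this advisory is about; a disabled api module at a vulnerable version still warrants the update, but is not reachable remotely until it is enabled and configured for inbound connections.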
What immediate steps should I take to mitigate this vulnerability?
Update the FreePBX api module to a fixed release (15.0.13, 16.0.15, or 17.0.3 or later); fixed releases generate a unique OAuth private key per system instead of shipping one inside the package. Because the new key no longer matches the old one, every previously issued JWT stops validating, so regenerate tokens for all API clients and confirm they work against the updated system. Run `fwconsole chown` afterwards so the new key files have the correct ownership and permissions. Review the API logs for access that predates the update, since tokens forged with the shared key would have looked valid at the time. If the Advanced Recovery module is in use, update it to its latest version so it stays compatible with the new tokens. [2, 1]