CVE-2025-59429
BaseFortify
Publication date: 2025-10-14
Last updated on: 2025-10-16
Assigner: GitHub, Inc.
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| freepbx | freepbx | 17.0.18.38 |
| freepbx | freepbx | 16.0.68.39 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-59429 is a reflected cross-site scripting (XSS) vulnerability in the Asterisk HTTP Status page exposed by FreePBX versions prior to 16.0.68.39 for FreePBX 16 and prior to 17.0.18.38 for FreePBX 17. This vulnerability allows unauthenticated attackers to inject malicious scripts that can steal cookies from logged-in administrative users, enabling session hijacking. Attackers can then gain control over the FreePBX admin interface, access sensitive data, modify system configurations, create backdoor accounts, and disrupt services. [1]
How can this vulnerability impact me?
This vulnerability can lead to a full compromise of the FreePBX administrative interface. An attacker who exploits it can hijack admin sessions by stealing cookies, which allows them to access sensitive data, change system settings, create unauthorized accounts, and cause service disruptions. This can severely impact the security and availability of your FreePBX system. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking if port 8088 is exposed to hostile networks while an administrator is logged into the Administrator Control Panel (ACP). Reviewing webserver access logs for suspicious activity related to the Asterisk HTTP Status page is recommended. You can use commands like 'netstat -tuln | grep 8088' to check if port 8088 is listening on non-localhost interfaces. Additionally, inspecting webserver logs (e.g., using 'grep' on access logs) for unusual requests to the HTTP Status page can help identify exploitation attempts. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include updating FreePBX to version 16.0.68.39 or later for FreePBX 16, or version 17.0.18.38 or later for FreePBX 17. Additionally, restrict the HTTP Status page binding to localhost by setting the 'HTTP Bind Address' to 127.0.0.1 in the Advanced Settings, then apply the configuration and restart the Asterisk process. Always log out promptly from the Administrator Control Panel to invalidate sessions and prevent reuse of stolen cookies. Also, prevent unauthorized network access to port 8088 using VPNs, firewalls, or similar network controls. [1]
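The detection answer above suggests checking what port 8088 is bound to and grepping the webserver access log for unusual requests to the Asterisk HTTP Status page, and the mitigation answer suggests binding that page to 127.0.0.1. The script below, an added example that is not part of the BaseFortify record or the FreePBX project, turns both into repeatable checks: a bind check that passes only when every 8088 listener is on a loopback address (so it also verifies the mitigation after the restart), and two log counters that flag status-page requests carrying script-like content in the URL. It assumes, since the page does not say, that the status page is served at /httpstatus on TCP 8088 and that the access log is in Apache/nginx combined format; the log lines it scans are constructed sample data embedded so the script runs offline.

```shell
#!/bin/sh
# Added example for this CVE record; not code from BaseFortify or FreePBX.
# Assumptions (not stated on the page): the Asterisk HTTP status page lives
# at /httpstatus on TCP 8088, and the access log is in combined log format.
# Verify both against your own deployment before relying on the counts.

STATUS_PATH='/httpstatus'

# Report what port 8088 is bound to. Exit 0 when every 8088 listener is on a
# loopback address (the page's mitigation: HTTP Bind Address = 127.0.0.1),
# exit 1 when a non-loopback listener is found, exit 2 when neither ss nor
# netstat is installed. Same idea as 'netstat -tuln | grep 8088', but it
# decides which addresses are acceptable instead of leaving that to the eye.
check_bind_8088() {
    if command -v ss >/dev/null 2>&1; then
        listeners=$(ss -ltnH 2>/dev/null | awk '{print $4}')
    elif command -v netstat >/dev/null 2>&1; then
        listeners=$(netstat -tln 2>/dev/null | awk 'NR > 2 {print $4}')
    else
        echo "check_bind_8088: neither ss nor netstat found" >&2
        return 2
    fi
    printf '%s\n' "$listeners" | awk '
        /[:.]8088$/ {
            host = $0; sub(/[:.]8088$/, "", host); seen++
            if (host == "127.0.0.1" || host == "[::1]" || host == "::1" || host == "localhost")
                print "ok:      " $0
            else { bad++; print "EXPOSED: " $0 }
        }
        END {
            if (seen == 0) print "no listener on port 8088"
            if (bad > 0) exit 1
        }'
}

# Count requests to the status page in an access log (prints the number).
count_status_hits() {
    grep -c -E "\"(GET|POST|HEAD) ${STATUS_PATH}[^ \"]*" "$1" || true
}

# Count status-page requests whose URL carries script-like content, raw or
# percent-encoded. A reflected XSS probe leaves its payload in the query
# string, so the access log is where an exploitation attempt shows up.
count_status_xss_hits() {
    grep -E "\"(GET|POST|HEAD) ${STATUS_PATH}[^ \"]*" "$1" \
      | grep -c -i -E '<script|%3cscript|javascript:|onerror=|onload=|document\.cookie' || true
}

# Constructed sample log (not real traffic) so the script runs offline.
# 10.0.0.5 is an internal admin host; 203.0.113.7 is an outside address.
SAMPLE_LOG=$(mktemp)
trap 'rm -f "$SAMPLE_LOG"' EXIT
cat > "$SAMPLE_LOG" <<'EOF'
10.0.0.5 - - [14/Oct/2025:10:01:02 +0000] "GET /httpstatus HTTP/1.1" 200 1843 "-" "Mozilla/5.0"
203.0.113.7 - - [14/Oct/2025:10:01:09 +0000] "GET /httpstatus?x=%3Cscript%3Eprobe%3C%2Fscript%3E HTTP/1.1" 200 1901 "-" "curl/8.4.0"
10.0.0.5 - - [14/Oct/2025:10:02:30 +0000] "GET /admin/config.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [14/Oct/2025:10:02:41 +0000] "GET /httpstatus?x=<script>probe</script> HTTP/1.1" 200 1877 "-" "curl/8.4.0"
EOF

echo "status-page requests:             $(count_status_hits "$SAMPLE_LOG")"
echo "status-page requests with script: $(count_status_xss_hits "$SAMPLE_LOG")"
check_bind_8088 || echo "port 8088: exposed or undetermined (rc=$?)"
```

Point the two counters at the real access log (for example the Apache log on the FreePBX host) instead of the sample file, and run the bind check before and after applying the HTTP Bind Address change and restarting Asterisk: it should move from reporting an EXPOSED line to reporting only 127.0.0.1. Requests from outside your management network that hit the status page with script-like content are the ones to correlate with admin logins, since the page notes the attack only matters while an administrator has a live ACP session.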