CVE-2025-67736
BaseFortify
Publication date: 2025-12-16
Last updated on: 2025-12-18
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| sangoma | freepbx | From 16.0 (inc) to 16.0.5 (exc) |
| sangoma | freepbx | From 17.0 (inc) to 17.0.5 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-89 | The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-67736 is an authenticated SQL injection vulnerability in the FreePBX tts (Text To Speech) module affecting versions prior to 16.0.5 and 17.0.5. Authenticated users with administrator access to the Administrator Control Panel (ACP) can exploit this flaw by injecting malicious SQL commands due to improper input sanitization. This allows them to extract sensitive information from the database and execute arbitrary code on the system as the 'asterisk' user, which can then be escalated to root privileges through chained elevation. [1]
How can this vulnerability impact me? :
This vulnerability can have a severe impact by allowing an attacker with administrative access to extract sensitive database information and execute arbitrary code on the affected system. The attacker can gain control as the 'asterisk' user and escalate privileges to root, potentially compromising the entire system and its data. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this vulnerability involves verifying the version of the FreePBX tts module installed. Since the vulnerability affects versions prior to 16.0.5 and 17.0.5, checking the module version is critical. Additionally, monitoring for unusual SQL queries or unexpected database access patterns by authenticated administrators could indicate exploitation attempts. Specific commands are not provided in the resources, but generally, you can check the module version via the FreePBX GUI or by running commands to query installed module versions on the system. For example, using FreePBX CLI commands or inspecting module files. However, no explicit detection commands are detailed in the provided resources. [1]
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to upgrade the FreePBX tts module to version 16.0.5 or 17.0.5 or later, where the SQL injection vulnerability is patched. Ensuring that only trusted administrators have access to the Administrator Control Panel (ACP) is also important, as the vulnerability requires administrative access to exploit. Applying timely updates and patches is critical to prevent exploitation. [1]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
This vulnerability allows authenticated administrators to perform SQL injection attacks that can extract sensitive information from the database and execute code with root privileges. Such unauthorized access and potential data breaches could lead to non-compliance with data protection regulations like GDPR and HIPAA, which require safeguarding sensitive information and ensuring system integrity. Therefore, exploitation of this vulnerability could result in violations of these standards due to compromised confidentiality and control over sensitive data. [1]