Share
## https://sploitus.com/exploit?id=85E0C274-8A93-50F0-84B0-BD44A56790DF
# FreePBX-Multiple-CVEs-2025

This repository documents three security vulnerabilities discovered in FreePBX (CVE-2025-66039, CVE-2025-61678, CVE-2025-61675), including analysis, impact, and proof-of-concept details for security research and awareness purposes.

## Description CVEs
๐Ÿ”ด CVE-2025-61675

A security flaw in FreePBX resulting from improper handling of user-controlled input. This issue may allow an attacker to influence application functionality and potentially impact overall system security.

๐Ÿ”ด CVE-2025-61678

FreePBX contains an input validation vulnerability that may allow attackers to manipulate application behavior. Successful exploitation could affect confidentiality and integrity depending on the attack vector used.

๐Ÿ”ด CVE-2025-66039

This vulnerability in FreePBX is caused by improper access control, allowing an attacker to perform unauthorized actions. Exploitation of this issue can lead to security risks impacting the integrity of the affected FreePBX system.


### This repository contains Nuclei templates for detecting three critical vulnerabilities in FreePBX:

- **CVE-2025-61675**: Authenticated SQL Injection (CVSS 8.6) - Affects endpoint module
- **CVE-2025-61678**: Authenticated Arbitrary File Upload (CVSS 8.6) - Affects endpoint module
- **CVE-2025-66039**: Authentication Bypass (CVSS 9.3) - Affects framework module

##  Affected Versions

### CVE-2025-61675 & CVE-2025-61678 (endpoint module)
- **FreePBX 16**:  How does this detection method work?

These templates detect vulnerable FreePBX instances by:
1. Extracting the FreePBX version from the administration panel
2. Comparing the version against known vulnerable version ranges
3. Confirming the presence of FreePBX-specific identifiers

The detection is non-invasive and does not attempt to exploit the vulnerabilities.


##  How do I run this script?

1. Download and install [Nuclei](https://github.com/projectdiscovery/nuclei).
2. Clone this repository to your local system.
3. Run a single template:

#### Authenticated SQL Injection 

```
nuclei -u https://example.com -t CVE-2025-61675.yaml
```
#### Check multiple domain and Subdomain
```
nuclei -l subdomain.txt -t CVE-2025-61675.yaml
```

#### Authenticated Arbitrary File Upload
```sh
nuclei -u https://example.com -t CVE-2025-61678.yaml
```
#### Check multiple domain and Subdomain
```
nuclei -l subdomain.txt -t CVE-2025-61678.yaml
```

#### Authentication Bypass Check
```sh
nuclei -u https://example.com -t CVE-2025-66039.yaml
```
#### Check multiple domain and Subdomain
```
nuclei -l subdomain.txt -t CVE-2025-66039.yaml
```
### Example Output

```
[CVE-2025-61675] [http] [high] FreePBX Authenticated SQL Injection
[CVE-2025-61678] [http] [high] FreePBX Authenticated Arbitrary File Upload
[CVE-2025-66039] [http] [critical] FreePBX Authentication Bypass
```

##  References

- [CVE-2025-61675 - NVD](https://nvd.nist.gov/vuln/detail/CVE-2025-61675)
- [CVE-2025-61678 - NVD](https://nvd.nist.gov/vuln/detail/CVE-2025-61678)
- [CVE-2025-66039 - NVD](https://nvd.nist.gov/vuln/detail/CVE-2025-66039)
- [Nuclei - ProjectDiscovery](https://github.com/projectdiscovery/nuclei)


##  Disclaimer

Use at your own risk, I will not be responsible for illegal activities you conduct on infrastructure you do not own or have permission to scan.

---