QwikSec

Security Database

CVE

CWE

Training

CVE-2025-55211

Published: Sep 15, 2025

Modified: Feb 13, 2026

PUBLISHED

Description

FreePBX is an open-source web-based graphical user interface. From 17.0.19.11 to before 17.0.21, authenticated users of the Administrator Control Panel (ACP) can run arbitrary shell commands by maliciously changing languages of the framework module. This vulnerability is fixed in 17.0.21.

Vendor	Product	Versions
FreePBX	framework	affected `>= 17.0.19.11, < 17.0.21`

Weaknesses (CWE)

References

https://github.com/FreePBX/security-reporting/security/advisories/GHSA-xg83-m6q5-q24h

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.