QwikSec

Security Database

CVE

CWE

Training

CVE-2025-59056

Published: Sep 15, 2025

Modified: Feb 13, 2026

PUBLISHED

Description

FreePBX is an open-source web-based graphical user interface. In FreePBX 15, 16, and 17, malicious connections to the Administrator Control Panel web interface can cause the uninstall function to be triggered for certain modules. This function drops the module's database tables, which is where most modules store their configuration. This vulnerability is fixed in 15.0.38, 16.0.41, and 17.0.21.

Vendor	Product	Versions
FreePBX	framework	affected `< 15.0.38` affected `>= 16.0.0, < 16.0.41` affected `>= 17.0.0, < 17.0.21`

Weaknesses (CWE)

References

https://github.com/FreePBX/security-reporting/security/advisories/GHSA-frc2-jhgg-rwpr

x_refsource_CONFIRM

https://github.com/FreePBX/framework/blame/release/17.0/amp_conf/htdocs/admin/ajax.php#L18

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.