Vulnerability in FreePBX API
CVE-2025-55210
FreePBX is an open-source web-based graphical user interface (GUI) that manages Asterisk. Prior to 17.0.5 and 16.0.17, FreePBX module api (PBX API) is vulnerable to privilege escalation by authenticated users with REST/GraphQL API access…
EPSS: 0.001 (17.9th percentile)
Affected products
- Freepbx Api — versions >= 15.0.1alpha1 and < 16.0.17; >= 17.0.0 and < 17.0.5
Weakness classification (CWE)
References
- https://github.com/FreePBX/security-reporting/security/advisories/GHSA-gvgh-p7wj-76cf (x_refsource_CONFIRM)
- https://github.com/FreePBX/api/commit/bc6f7d72063cffb18babb6559fa351046d7ad19b (x_refsource_MISC)
- https://github.com/FreePBX/api/commit/c16a3a79b83382fb4884e51174882ed635637002 (x_refsource_MISC)
- https://github.com/FreePBX/api/commit/d66786634e7e7d3eedcb4d0931b32c415ba6e9ef (x_refsource_MISC)