Vulnerability in Freepbx Api
CVE-2025-55739
api is a module for FreePBX, which is an open source GUI that controls and manages Asterisk (PBX). In versions lower than 15.0.13, 16.0.2 through 16.0.14, 17.0.1 and 17.0.2, there is an identical OAuth private key used across multiple sy…
EPSS: 0.001 (25.3th percentile)
Affected products
- Freepbx Api — versions < 15.0.13; >= 16.0.2 and < 16.0.15; >= 17.0.1 and < 17.0.3
Weakness classification (CWE)
References
- https://github.com/FreePBX/security-reporting/security/advisories/GHSA-3r47-p39v-vqqf (x_refsource_CONFIRM)
- https://github.com/FreePBX/api/commit/305295aad38322c74cffd75bf550707dfb1a64a2 (x_refsource_MISC)