Vulnerability in Freepbx Endpoint

CVE-2025-67513

FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. Versions prior to 16.0.96 and 17.0.1 through 17.0.9 have a weak default password. By default, this is a 6 digit numeric value which can be brute forc…

EPSS: 0.001 (16.6th percentile) — read the EPSS interpretation.

Affected products

Freepbx Endpoint — versions < 16.0.96, >= 17.0.1, < 17.0.10

Weakness classification (CWE)

CWE-521 — Weak Password Requirements

References

https://github.com/FreePBX/security-reporting/security/advisories/GHSA-426v-c5p7-cp29 (x_refsource_CONFIRM)