CVE-2025-62173 | FreePBX up to 16.0.40/17.0.5 REST API sql injection (GHSA-q3h9-fmpr-vpfw)

December 4, 2025 Yanac

A vulnerability was found in FreePBX up to 16.0.40/17.0.5. It has been rated as critical. This affects an unknown function of the component REST API. This manipulation causes sql injection.

This vulnerability appears as CVE-2025-62173. The attack may be initiated remotely. There is no available exploit.

Upgrading the affected component is advised.VulDB Recent EntriesRead More