This repository contains Nuclei templates for detecting three vulnerabilities in FreePBX (two rated High, one Critical):
- CVE-2025-61675: Authenticated SQL Injection (CVSS 8.6) - affects the endpoint module
- CVE-2025-61678: Authenticated Arbitrary File Upload (CVSS 8.6) - affects the endpoint module
- CVE-2025-66039: Authentication Bypass (CVSS 9.3) - affects the framework module
Affected versions are given per module, so the version that matters is the module version, not only the FreePBX branch:
- Endpoint module (CVE-2025-61675, CVE-2025-61678) on FreePBX 16: < 16.0.92 (patched in 16.0.92)
- Endpoint module (CVE-2025-61675, CVE-2025-61678) on FreePBX 17: < 17.0.6 (patched in 17.0.6)
- Framework module (CVE-2025-66039) on FreePBX 16: < 16.0.44 (patched in 16.0.44)
- Framework module (CVE-2025-66039) on FreePBX 17: < 17.0.23 (patched in 17.0.23)
These templates detect vulnerable FreePBX instances by:
- Extracting the FreePBX version string from the administration panel
- Comparing that version numerically against the vulnerable ranges above (a lexical comparison would misjudge versions such as 16.0.100)
- Confirming the presence of FreePBX-specific identifiers, so that unrelated pages containing a version-like string do not trigger a finding
The detection is non-invasive and does not attempt to exploit the vulnerabilities; it is a version-based check, so a backported fix or a custom build can produce a false positive, and a host that hides the version banner will not be flagged.
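The comparison logic the templates rely on, written out as a stand-alone Python example. This is added here for illustration and is not the templates' own matcher code: the `FreePBX x.y.z` marker pattern, the sample HTML and the function names are assumptions, and the patched versions are the ones listed in this README. One caveat the example makes explicit: the version printed on the admin panel is the framework version, so a verdict for the endpoint-module CVEs needs the endpoint module's own version, which this check accepts as a separate input rather than inferring it from the page.

```python
import re
from typing import Optional, Tuple

Version = Tuple[int, int, int]

# Patched module versions per FreePBX branch, as listed in this README.
PATCHED = {
    "endpoint":  {16: (16, 0, 92), 17: (17, 0, 6)},   # CVE-2025-61675, CVE-2025-61678
    "framework": {16: (16, 0, 44), 17: (17, 0, 23)},  # CVE-2025-66039
}
CVES = {
    "endpoint": ("CVE-2025-61675", "CVE-2025-61678"),
    "framework": ("CVE-2025-66039",),
}

# Assumed banner format; the real extractor lives in the YAML templates.
VERSION_RE = re.compile(r"FreePBX\s+(\d+)\.(\d+)\.(\d+)")


def parse_version(text: str) -> Optional[Version]:
    """Turn 'x.y.z' into an int tuple, or None if the string is not x.y.z."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)", text.strip())
    return tuple(int(x) for x in m.groups()) if m else None  # type: ignore[return-value]


def extract_version(html: str) -> Optional[Version]:
    """Pull the framework version out of an admin-panel response body."""
    m = VERSION_RE.search(html)
    return tuple(int(x) for x in m.groups()) if m else None  # type: ignore[return-value]


def is_vulnerable(module: str, version: Version) -> Optional[bool]:
    """True if version is below the patched release for its branch, False if
    patched, None if the branch (e.g. 15.x) is not one this README lists,
    so no verdict is claimed for it."""
    fixed = PATCHED[module].get(version[0])
    if fixed is None:
        return None
    # Tuple comparison is numeric, so (16, 0, 100) correctly sorts after (16, 0, 92).
    return version < fixed


def assess(module: str, version: Version) -> dict:
    """Map each CVE of the module to its verdict for the given module version."""
    verdict = is_vulnerable(module, version)
    return {cve: verdict for cve in CVES[module]}


# Constructed sample response (not captured from a real host).
SAMPLE_HTML = """<html><body>
<div id="login"><input name="username"></div>
<div id="footer">FreePBX 16.0.40 is licensed under the GPL</div>
</body></html>"""

if __name__ == "__main__":
    fw = extract_version(SAMPLE_HTML)
    print("framework version:", ".".join(map(str, fw)))
    print("framework:", assess("framework", fw))
    # The endpoint module version is not on the page; supply it separately.
    print("endpoint 17.0.6:", assess("endpoint", parse_version("17.0.6")))
```

A `None` verdict is deliberately distinct from `False`: an unlisted branch is reported as "no data" rather than "not vulnerable", which is the distinction an analyst triaging scan output needs.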
- Download and install Nuclei.
- Clone this repository to your local system.
- Run a single template:

```
nuclei -u <target-url> -t CVE-2025-61675.yaml
```

- Run all templates:

```
nuclei -u <target-url> -t .
```

- Scan multiple hosts:

```
nuclei -l hosts.txt -t .
```

Example output for a vulnerable host:

```
[CVE-2025-61675] [http] [high] FreePBX Authenticated SQL Injection
[CVE-2025-61678] [http] [high] FreePBX Authenticated Arbitrary File Upload
[CVE-2025-66039] [http] [critical] FreePBX Authentication Bypass
```
Use at your own risk. I will not be responsible for illegal activities you conduct on infrastructure you do not own or have permission to scan.
This project is licensed under the MIT License.
If you have any questions about these detection templates, please reach out to me via Signal.
If you would like to connect, I am mostly active on Twitter/X and LinkedIn.