Fixed Intel

CISA Known Exploited Vulnerability

This vulnerability is actively exploited in the wild and listed in the CISA Known Exploited Vulnerabilities catalog.

Remediation Deadline: Feb 24, 2026

CVE-2025-64328

High
EPSS 50.8% | CISA KEV
Sangoma/FreePBX

Description

Sangoma FreePBX Endpoint Manager contains an OS command injection vulnerability that allows post-authentication command injection by an authenticated known user via the testconnection -> check_ssh_connect() function. An attacker can leverage this vulnerability to potentially obtain remote access to the system as the asterisk user.

EPSS — Exploit Probability

50.8%

Higher than 97.8% of all CVEs

Required Action

https://github.com/FreePBX/security-reporting/security/advisories/GHSA-vm9p-46mv-5xvw
https://nvd.nist.gov/vuln/detail/CVE-2025-64328

Risk Assessment

HIGH
In CISA KEV
High EPSS

Details

Severity: High
EPSS: 50.8%
CISA KEV: Yes
Ransomware: Unknown
Articles: 1

Timeline

Published

Feb 3, 2026

Added to KEV

Feb 3, 2026

Remediation Due

Feb 24, 2026

Affected Product

Sangoma

FreePBX