CVE Tracker

CVE ID	Severity	EPSS	Vendor	Description	Date	Status
CVE-2019-19006	High	26.9%	SangomaFreePBX	Sangoma FreePBX contains an improper authentication vulnerability that potentially allows unauthorized users to bypass password authentication and access services provided by the FreePBX admin.	Feb 3, 2026	KEV
CVE-2025-64328(1)	High	50.8%	SangomaFreePBX	Sangoma FreePBX Endpoint Manager contains an OS command injection vulnerability that could allow for a post-authentication command injection by an authenticated known user via the testconnection -> check_ssh_connect() function. An attacker can leverage this vulnerability to potentially obtain remote access to the system as an asterisk user.	Feb 3, 2026	KEV
CVE-2025-57819	High	70.5%	SangomaFreePBX	Sangoma FreePBX contains an authentication bypass vulnerability due to insufficiently sanitized user-supplied data allows unauthenticated access to FreePBX Administrator leading to arbitrary database manipulation and remote code execution.	Aug 29, 2025	KEV

CVE-2019-19006KEV

High

Sangoma FreePBX contains an improper authentication vulnerability that potentially allows unauthorized users to bypass password authentication and access services provided by the FreePBX admin.

SangomaEPSS 26.9%

CVE-2025-64328KEV

High

Sangoma FreePBX Endpoint Manager contains an OS command injection vulnerability that could allow for a post-authentication command injection by an authenticated known user via the testconnection -> check_ssh_connect() function. An attacker can leverage this vulnerability to potentially obtain remote access to the system as an asterisk user.

SangomaEPSS 50.8%

CVE-2025-57819KEV

High

Sangoma FreePBX contains an authentication bypass vulnerability due to insufficiently sanitized user-supplied data allows unauthenticated access to FreePBX Administrator leading to arbitrary database manipulation and remote code execution.

SangomaEPSS 70.5%