H3-2025-0055

FreePBX Authentication Bypass File Upload RCE

Description

This series of vulnerabilities were discovered by Horizon3.ai researchers and responsibly disclosed to FreePBX as 0-days. H3-2025-0055 combines an authentication bypass to upload a file to the FreePBX server, which then gives remote code execution.

Impact

Unauthenticated attackers with access to the FreePBX server can upload a file to the server which then gives remote code execution.

References

• Vendor Advisory GHSA-9jvh-mv6x-w698
• Vendor Advisory GHSA-7p8x-8m3m-58j9
• NVD: CVE-2025-66039
• NVD: CVE-2025-61678