H3-2025-0056
FreePBX Authentication Bypass SQL Injection
| Category | VULNERABILITY |
| Base Score | 9.3 |
Description
This series of vulnerabilities was discovered by Horizon3.ai researchers and responsibly disclosed to FreePBX as 0-days. H3-2025-0056 uses an authentication bypass to perform SQL injection on the FreePBX server. This gives an attacker read/write access to the database.
Impact
Unauthenticated attackers with access to the FreePBX server can perform SQL injection on the server, which gives them read/write access to the database.