CVE-2025-57819 is a critical SQL Injection vulnerability (CWE-89) found in the security-reporting component of FreePBX, an open-source web-based GUI widely used for managing telephony systems. The vulnerability exists in FreePBX versions prior to 15.0.66, 16.0.89, and 17.0.3, where insufficient sanitization of user-supplied input allows unauthenticated attackers to inject malicious SQL commands. This flaw enables attackers to gain unauthorized access to the FreePBX Administrator interface, manipulate the underlying database arbitrarily, and potentially execute remote code on the server. The attack vector requires no authentication or user interaction, making it highly exploitable remotely over the network. The vulnerability impacts confidentiality by exposing sensitive configuration and call data, integrity by allowing alteration or deletion of database records, and availability by potentially disrupting telephony services through malicious commands. The CVSS 4.0 base score of 10 reflects the highest severity, with network attack vector, no required privileges or user interaction, and high impact on all security properties. Although no public exploits have been reported yet, the critical nature and ease of exploitation make this a significant threat. The vulnerability has been patched in the specified versions, and upgrading is strongly recommended. Given FreePBX's widespread deployment in enterprise and service provider environments, this vulnerability poses a substantial risk to telephony infrastructure security and operational continuity.

For European organizations, this vulnerability poses a severe risk to telephony infrastructure security, potentially leading to unauthorized access to sensitive call data, disruption of voice services, and compromise of administrative controls. The ability for unauthenticated attackers to execute arbitrary SQL commands and remote code can result in data breaches, service outages, and lateral movement within corporate networks. Organizations relying on FreePBX for critical communications, including government agencies, healthcare providers, financial institutions, and large enterprises, could face operational disruptions and regulatory compliance issues under GDPR due to data exposure. The impact extends beyond confidentiality to integrity and availability, threatening the reliability of telephony systems essential for business operations. Given the criticality and ease of exploitation, attackers could rapidly weaponize this vulnerability if exploited in the wild, increasing the urgency for European entities to remediate promptly.

1. Immediately upgrade FreePBX installations to versions 15.0.66, 16.0.89, or 17.0.3 or later to apply the official patch addressing this vulnerability. 2. Restrict network access to FreePBX administrative interfaces using firewalls and VPNs to limit exposure to trusted internal networks only. 3. Implement strict input validation and sanitization at the web application firewall (WAF) level to detect and block SQL injection attempts targeting FreePBX endpoints. 4. Monitor database logs and FreePBX audit trails for unusual queries or administrative actions indicative of exploitation attempts. 5. Employ network segmentation to isolate telephony infrastructure from general IT networks, reducing the attack surface and limiting lateral movement. 6. Conduct regular security assessments and penetration testing focused on telephony systems to identify and remediate potential weaknesses. 7. Educate IT and security teams about this vulnerability and ensure incident response plans include scenarios involving telephony system compromise. 8. Maintain up-to-date backups of FreePBX configurations and databases to enable rapid recovery in case of compromise.