CVE-2025-59056 is a path traversal vulnerability classified under CWE-22 affecting the FreePBX open-source telephony framework versions 15, 16, and 17 prior to their respective patched releases (15.0.38, 16.0.41, 17.0.21). FreePBX provides a web-based GUI for managing telephony modules. The vulnerability arises from improper validation and limitation of pathnames in the Administrator Control Panel web interface, allowing unauthenticated remote attackers to craft malicious requests that trigger the uninstall function of certain modules. This uninstall function deletes the module's database tables, which contain critical configuration data. The vulnerability requires no authentication, no user interaction, and can be exploited remotely over the network, making it highly accessible to attackers. The CVSS 4.0 base score is 6.6 (medium severity), reflecting the moderate impact on availability due to loss of module configurations but no direct confidentiality or integrity compromise beyond configuration loss. No known exploits have been reported in the wild yet. The vulnerability can cause significant disruption to telephony services relying on affected modules, potentially leading to downtime and operational impact. The flaw is fixed in FreePBX versions 15.0.38, 16.0.41, and 17.0.21, and users are strongly advised to upgrade. The vulnerability's root cause is improper limitation of pathname inputs, allowing path traversal attacks that bypass intended directory restrictions.

For European organizations, this vulnerability poses a risk of service disruption in telephony systems that rely on FreePBX, a widely used open-source PBX platform. The deletion of module database tables can lead to loss of configuration data, causing modules to malfunction or become unusable until restored. This can impact business communications, call routing, voicemail, and other telephony features critical for operations. Organizations in sectors such as finance, healthcare, government, and telecommunications, which depend heavily on reliable telephony infrastructure, may face operational downtime and potential financial losses. Additionally, recovery may require manual restoration from backups, increasing incident response costs and time. The lack of authentication requirement increases the attack surface, especially if the Administrator Control Panel is exposed to untrusted networks or the internet. Although no known exploits are reported in the wild, the ease of exploitation and impact on availability make this a significant threat to European enterprises using vulnerable FreePBX versions.

1. Immediately upgrade FreePBX installations to the fixed versions: 15.0.38, 16.0.41, or 17.0.21 depending on the version in use. 2. Restrict access to the Administrator Control Panel web interface by implementing network-level controls such as VPNs, IP whitelisting, or firewall rules to limit exposure to trusted administrators only. 3. Regularly back up FreePBX module configurations and databases to enable rapid restoration in case of compromise. 4. Monitor web server and application logs for suspicious requests targeting the uninstall function or unusual path traversal patterns. 5. Employ web application firewalls (WAFs) with rules to detect and block path traversal attempts. 6. Conduct periodic security assessments and vulnerability scans on telephony infrastructure to detect outdated or vulnerable FreePBX versions. 7. Educate administrators on the risks of exposing management interfaces publicly and enforce strong access controls. 8. Consider segmenting telephony management interfaces from general corporate networks to reduce attack surface.