CVE-2025-61675 is an authenticated SQL injection vulnerability identified in the Endpoint Manager module of FreePBX, a widely used open-source telephony platform. The flaw exists in versions prior to 16.0.92 for FreePBX 16 and prior to 17.0.6 for FreePBX 17. It affects multiple input parameters within the basestation, model, firmware, and custom extension configuration functionalities. An attacker with valid credentials can exploit improper neutralization of special SQL elements to inject arbitrary SQL commands. This can lead to unauthorized data disclosure, modification, or deletion within the FreePBX database, potentially compromising the confidentiality and integrity of telephony configuration and user data. The vulnerability requires authentication but no additional user interaction, and the attack surface is significant due to the multiple affected parameters. The CVSS 4.0 score of 8.6 reflects high severity, with network attack vector, low attack complexity, and high impact on confidentiality and integrity. No known exploits have been reported in the wild as of the publication date. The vendor has released patches in versions 16.0.92 and 17.0.6 to remediate the issue.

For European organizations, the impact of CVE-2025-61675 can be substantial, especially for enterprises and service providers relying on FreePBX for telephony endpoint management. Successful exploitation could lead to unauthorized access to sensitive telephony configuration data, enabling attackers to intercept calls, manipulate call routing, or disrupt telephony services. This could result in operational downtime, loss of business continuity, and exposure of confidential communications. Given the critical role of telephony in business operations and emergency services, the vulnerability could also affect regulatory compliance and damage organizational reputation. The requirement for authentication limits exposure to insider threats or compromised credentials, but the ease of exploitation once authenticated increases risk. The absence of known exploits in the wild provides a window for proactive mitigation, but organizations should act swiftly to patch vulnerable systems.

European organizations should immediately upgrade FreePBX Endpoint Manager to version 16.0.92 or 17.0.6 or later to remediate the vulnerability. In addition to patching, organizations should enforce strong authentication policies, including multi-factor authentication (MFA) for all FreePBX users to reduce the risk of credential compromise. Regularly audit user accounts and permissions to ensure only authorized personnel have access to the Endpoint Manager module. Implement network segmentation to isolate telephony infrastructure from general IT networks, limiting exposure to potential attackers. Monitor logs for unusual SQL queries or access patterns indicative of exploitation attempts. Employ web application firewalls (WAFs) with SQL injection detection capabilities tailored to FreePBX traffic. Finally, maintain up-to-date backups of telephony configurations and databases to enable rapid recovery in case of compromise.