CVE-2025-62173: CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in FreePBX security-reporting
Summary
Authenticated SQL Injection Vulnerability in Endpoint Module REST API
AI Analysis
Technical Summary
CVE-2025-62173 is an authenticated SQL injection vulnerability (CWE-89) in FreePBX, a widely deployed open-source PBX platform built on Asterisk. The advisory is published through the project's security-reporting repository on GitHub, which is FreePBX's advisory channel; the flaw itself sits in the Endpoint module's REST API, where caller-supplied input reaches an SQL statement without being neutralized. A caller who already holds high-privilege (administrative) credentials can therefore change the structure of the statement and run SQL of their choosing, which, depending on the statement, yields unauthorized reads, modifications, or deletions of rows in the PBX database and so affects confidentiality and integrity. The affected ranges are versions before 16.0.41 and versions from 17.0.0 up to but not including 17.0.6; 16.0.41 and 17.0.6 are the releases that carry the fix. Exploitation needs no user interaction beyond the attacker's own authenticated requests, so any compromised or misused administrative credential turns this into a direct threat. The CVSS v4.0 base score of 8.6 reflects a network attack vector, low attack complexity, high privileges required, no user interaction, and high impact on confidentiality and integrity with limited impact on availability. No public exploit is known at the time of writing, but because the PBX database holds call records, extension and user configuration, and stored credentials, an attacker able to run arbitrary SQL against it could manipulate call data, configuration, or credentials, with direct consequences for operations and privacy.
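The paragraph above describes the mechanism in the abstract. The following added example (written for this page, not code from FreePBX or from the advisory) shows the pattern behind CWE-89 in an authenticated API handler: the same lookup built by string concatenation and by parameter binding, driven with two classic payloads. SQLite stands in for the PBX's MySQL/MariaDB, and the table and column names (`devices`, `admins`) are constructed for the demo, not FreePBX's real schema.

```python
import sqlite3

# Constructed stand-in schema. Table and column names are hypothetical and
# are NOT FreePBX's real schema; SQLite stands in for MySQL/MariaDB.
SCHEMA = """
CREATE TABLE devices (mac TEXT NOT NULL, model TEXT NOT NULL);
CREATE TABLE admins  (username TEXT NOT NULL, password_hash TEXT NOT NULL);
INSERT INTO devices VALUES ('001122334455', 'Model-A'), ('66778899aabb', 'Model-B');
INSERT INTO admins  VALUES ('admin', '$2y$10$constructed-hash-1'),
                           ('helpdesk', '$2y$10$constructed-hash-2');
"""


def open_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, mac: str) -> list:
    # CWE-89: the caller-supplied value becomes part of the statement text,
    # so quotes and keywords inside it change the query's structure.
    sql = f"SELECT mac, model FROM devices WHERE mac = '{mac}'"
    return conn.execute(sql).fetchall()


def lookup_fixed(conn: sqlite3.Connection, mac: str) -> list:
    # Parameter binding: the value travels separately from the statement and
    # can only ever be compared against the column, never parsed as SQL.
    sql = "SELECT mac, model FROM devices WHERE mac = ?"
    return conn.execute(sql, (mac,)).fetchall()


def api_handler(conn: sqlite3.Connection, role: str, mac: str, fixed: bool) -> list:
    # The API is authenticated: only an admin-level session reaches the query.
    # That gate is why the CVSS vector says PR:H, but it does nothing to
    # neutralize what an administrator sends once past it.
    if role != "admin":
        raise PermissionError("administrative privileges required")
    return (lookup_fixed if fixed else lookup_vulnerable)(conn, mac)


# Two classic payloads: a tautology that matches every row, and a UNION that
# pulls rows out of an unrelated table with the same column count.
PAYLOAD_ALL = "' OR '1'='1"
PAYLOAD_UNION = "' UNION SELECT username, password_hash FROM admins --"


if __name__ == "__main__":
    db = open_db()
    for label, payload in (("tautology", PAYLOAD_ALL), ("union", PAYLOAD_UNION)):
        print(label, "vulnerable:", api_handler(db, "admin", payload, fixed=False))
        print(label, "fixed:     ", api_handler(db, "admin", payload, fixed=True))
```

Against the vulnerable lookup the tautology returns every device and the UNION payload returns the `admins` rows, i.e. the credential disclosure the advisory's confidentiality rating refers to; the bound-parameter version returns nothing for either payload because the whole string is compared literally against `mac`. Stacked statements (`; DROP ...`) are not shown because `sqlite3.execute` refuses multiple statements, but a MySQL driver configured to allow them would extend the impact to integrity and availability in exactly the way the text describes.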
Potential Impact
For European organizations, the impact of CVE-2025-62173 is significant due to FreePBX's widespread use in enterprise telephony and unified communications. Successful exploitation could lead to unauthorized access to sensitive call logs, user credentials, and configuration settings, resulting in data breaches and potential regulatory non-compliance under GDPR. Integrity of telephony data could be compromised, enabling attackers to manipulate call routing or intercept communications. Availability impact is limited but could occur if database corruption or deletion is performed. The requirement for high privilege authentication means insider threats or credential compromise are primary risk vectors. Disruption or compromise of telephony infrastructure can affect business continuity, customer service, and internal communications, which are critical for many sectors including finance, healthcare, and government. The vulnerability also increases the attack surface for advanced persistent threats targeting European organizations’ communications infrastructure.
Mitigation Recommendations
Upgrade to 16.0.41 or later on the 16 branch, or to 17.0.6 or later on the 17 branch; these are the releases that carry the fix. Check what is installed with `fwconsole ma list` and apply module updates with `fwconsole ma upgradeall` or through Module Admin in the web UI. Where an upgrade cannot happen immediately, restrict access to the FreePBX administrative interface and its REST API to trusted administrators, ideally through network segmentation and firewall rules, since an internet-exposed admin interface is what lets a stolen credential become a remote attack. Enforce multi-factor authentication for administrative accounts and review which accounts hold the privilege level needed to reach the Endpoint module API; because the vulnerability is only reachable with high privileges, credential compromise and insider misuse are the realistic paths to exploitation. If local customizations touch the API or its database queries, make sure every query uses prepared statements with bound parameters rather than string concatenation. Monitor web-server and API logs for requests carrying SQL metacharacters or keywords (quotes, UNION, comment sequences, SLEEP) and for administrative API calls from unexpected source addresses or at unusual times; a WAF with SQL injection signatures in front of the admin interface adds a further detection and blocking layer. Audit user privileges regularly against the least-privilege principle, and maintain an incident response plan that covers telephony infrastructure compromise, including rotation of administrative credentials and SIP secrets stored in the PBX database.
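The monitoring advice above is easier to act on with something concrete to run over access logs. The following added example (written for this page; not a FreePBX tool and not derived from the advisory) parses Apache/nginx combined-format lines, URL-decodes each request to the API, scores it against weighted SQL injection indicators, and additionally flags administrative API calls from outside an expected admin network. The API path prefix `/admin/api/`, the admin network `10.0.5.0/24`, and all six log lines are constructed assumptions to be replaced with the real values for an installation.

```python
import ipaddress
import re
from urllib.parse import unquote_plus

# Hypothetical request path prefix for the Endpoint module REST API; adjust to
# the real path on your installation (not taken from FreePBX documentation).
API_PREFIX = "/admin/api/"
# Networks from which administrative API use is expected (assumed).
ADMIN_NETS = [ipaddress.ip_network("10.0.5.0/24")]

# Apache/nginx "combined" access-log format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

# Weighted indicators, matched against the URL-decoded request target.
SQLI_INDICATORS = [
    (re.compile(r"'\s*(or|and)\s+'?\w+'?\s*=\s*'?\w+", re.I), "tautology", 2),
    (re.compile(r"\bunion\b.*\bselect\b", re.I | re.S), "union-select", 3),
    (re.compile(r"\b(sleep|benchmark|pg_sleep)\s*\(", re.I), "time-based", 3),
    (re.compile(r";\s*(select|insert|update|delete|drop)\b", re.I), "stacked-statement", 3),
    (re.compile(r"(--|/\*|#)"), "sql-comment", 1),
]
OFF_NET_WEIGHT = 2   # an admin API call from an unexpected network is itself worth a look
FLAG_THRESHOLD = 2


def score_request(target: str) -> tuple[int, list[str]]:
    """Return (score, indicator names) for one decoded request target."""
    decoded = unquote_plus(target)
    score, hits = 0, []
    for pattern, name, weight in SQLI_INDICATORS:
        if pattern.search(decoded):
            score += weight
            hits.append(name)
    return score, hits


def analyze(lines) -> list[dict]:
    """Flag API requests whose combined indicator score reaches the threshold."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or not m["target"].startswith(API_PREFIX):
            continue  # unparseable, or not an API request
        score, hits = score_request(m["target"])
        if not any(ipaddress.ip_address(m["ip"]) in net for net in ADMIN_NETS):
            score += OFF_NET_WEIGHT
            hits.append("off-net-source")
        if score >= FLAG_THRESHOLD:
            findings.append({"ts": m["ts"], "ip": m["ip"], "user": m["user"],
                             "target": unquote_plus(m["target"]),
                             "status": int(m["status"]), "score": score,
                             "indicators": hits})
    return findings


# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    '10.0.5.12 - admin [04/Dec/2025:10:01:02 +0000] "GET /admin/api/rest/endpoint/devices?mac=001122334455 HTTP/1.1" 200 512',
    '10.0.5.12 - admin [04/Dec/2025:10:01:09 +0000] "GET /admin/api/rest/endpoint/devices?mac=%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 9832',
    '203.0.113.7 - helpdesk [04/Dec/2025:10:02:41 +0000] "GET /admin/api/rest/endpoint/devices?mac=%27%20UNION%20SELECT%20username%2Cpassword%20FROM%20admins--%20 HTTP/1.1" 200 1201',
    '10.0.5.30 - - [04/Dec/2025:10:03:00 +0000] "GET /admin/config.php?display=extensions HTTP/1.1" 200 4000',
    '10.0.5.12 - admin [04/Dec/2025:10:03:15 +0000] "POST /admin/api/rest/endpoint/devices?mac=1%27%3BSELECT%20SLEEP(5)--%20 HTTP/1.1" 500 0',
    '198.51.100.4 - admin [04/Dec/2025:23:48:51 +0000] "GET /admin/api/rest/endpoint/devices?mac=66778899aabb HTTP/1.1" 200 512',
]


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f"{f['ts']} {f['ip']:>14} {f['user']:<9} score={f['score']} "
              f"{','.join(f['indicators'])}  {f['target']}")
```

On the sample, the benign on-network request and the non-API page view are ignored, the three injection attempts are flagged with their indicators, and the last line is flagged purely for being an administrative API call from outside the admin network. The weights are a heuristic: `--` alone is not enough to fire, because legitimate values can contain it, but any quote-based tautology, UNION, timing function, or stacked statement is. Feed real logs in with `analyze(open(path))`.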
Affected Countries
Germany, France, United Kingdom, Italy, Netherlands, Spain, Poland
Technical Details
Data Version: 5.2
Assigner Short Name: GitHub_M
Date Reserved: 2025-10-07T16:12:03.426Z
CVSS Version: 4.0
State: PUBLISHED
Threat ID: 6930c7c5cd38a5251eae5a76
Added to database: 12/3/2025, 11:29:09 PM
Last enriched: 12/3/2025, 11:29:23 PM
Last updated: 12/4/2025, 1:35:17 AM
Views: 8
Related Threats
CVE-2025-64055: n/a (severity: Unknown)
CVE-2025-66404: CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') in Flux159 mcp-server-kubernetes (severity: Medium)
CVE-2025-66293: CWE-125: Out-of-bounds Read in pnggroup libpng (severity: High)
CVE-2025-65868: n/a (severity: Unknown)
CVE-2023-0842: Prototype Pollution in xml2js (severity: Medium)