216.73.216.197

CVE-2024-58294

· Published 11/12/2025 22:15 · Modified 15/12/2025 17:10

Labels: CVE-2024-58294 2025-12-11CVE-2024-58294[email protected]

Essential information

Published
11/12/2025 22:15
Modified
15/12/2025 17:10
Author
Creator
CVSS
8.7 HIGH (v3) 8.7 HIGH (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

FreePBX 16 contains an authenticated remote code execution vulnerability in the API module that allows attackers with valid session credentials to execute arbitrary commands. Attackers can exploit the 'generatedocs' endpoint by crafting malicious POST requests with bash command injection to establish remote shell access.

NVD status

Status
Analyzed — CVE has had analysis completed and all data associations made.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
sangoma / freepbx cpe:2.3:a:sangoma:freepbx:16.0:*:*:*:*:*:*:*

References