🚨 CVE-2025-64328 (CVSS 8.6): FreePBX Administration GUI is Vulnerable to Authenticated Command Injection FreePBX is vulnerable to authenticated command injection in the Endpoint Manager’s filestore module via `testconnection → check_ssh_connect()`, allowing attackers to execute arbitrary commands and gain remote access as the asterisk user. Search by vul.cve Filter 👉 vul.cve="CVE-2025-64328" ZoomEye Dork 👉 app="FreePBX" 74k exposed instances. ZoomEye Link: zoomeye.ai/searchResult?q=dn… Refer: github.com/FreePBX/security-… #ZoomEye #NetSec #OSINT #CyberSecurity #FreePBX #VoIPSecurity #VulnerabilityResearch #TelecomSec

Sebastiaan Groot & Frank Cozijnsen (KPN) fuzzed a Steering of Roaming component and turned a crash into remote code execution, even across operator boundaries. Watch here: youtu.be/JxkcG7bbxGw?si=V-FQ… #Orangecon #TelecomSec #ExploitResearch