Vulnerability Description
The FreePBX Endpoint Manager module includes a Network Scanning feature that provides web-based access to nmap functionality for network device discovery. In Endpoint Manager 16 before 16.0.92 and 17 before 17.0.6, insufficiently sanitized user-supplied input allows authenticated OS command execution as the asterisk user. Authentication with a known username is required. Updating to Endpoint Manager 16.0.92 or 17.0.6 addresses the issue.
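A triage check built from the version boundaries stated above, as an added example that is not part of the advisory or of FreePBX itself. The inventory line format (`host module version`), the module name `endpoint`, and all sample hosts and versions are assumptions constructed for illustration.

```python
import re

# Fixed releases per branch, taken from the description above.
FIXED = {16: (16, 0, 92), 17: (17, 0, 6)}
# Assumption: Endpoint Manager is listed under this module name in the inventory.
MODULE_NAME = "endpoint"

def parse_version(text):
    """Turn '16.0.88.19' into (16, 0, 88, 19); reject anything non-numeric."""
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(part) for part in text.split("."))

def classify(version_text):
    """Return 'affected', 'fixed' or 'unlisted-branch' for one version string."""
    version = parse_version(version_text)
    fixed = FIXED.get(version[0])
    if fixed is None:
        return "unlisted-branch"  # the description only names branches 16 and 17
    # Pad to equal length so '17.0.6' and '17.0.6.0' compare as equal.
    width = max(len(version), len(fixed))
    pad = lambda v: v + (0,) * (width - len(v))
    return "affected" if pad(version) < pad(fixed) else "fixed"

def triage(inventory_lines):
    """Map host -> status for every Endpoint Manager entry in the inventory."""
    results = {}
    for line in inventory_lines:
        fields = line.split()
        if len(fields) != 3 or fields[1] != MODULE_NAME:
            continue  # other modules and malformed lines are out of scope
        host, _, version = fields
        try:
            results[host] = classify(version)
        except ValueError:
            results[host] = "unparseable"  # flag for manual review
    return results

# Constructed sample inventory; hostnames and versions are made up.
SAMPLE = [
    "pbx-a endpoint 16.0.88.19",
    "pbx-b endpoint 16.0.92",
    "pbx-c endpoint 17.0.5.3",
    "pbx-d endpoint 17.0.6.1",
    "pbx-e core 17.0.1",
    "pbx-f endpoint 15.0.70",
    "pbx-g endpoint 17.0.x",
]
```

Hosts reported as `unlisted-branch` or `unparseable` need a manual check, since the description above only gives boundaries for the 16 and 17 branches.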
References
FAQ
What is CVE-2025-59051?
CVE-2025-59051 is a vulnerability in the FreePBX Endpoint Manager module, which includes a Network Scanning feature that provides web-based access to nmap functionality for network device discovery. In Endpoint Manager 16 before 16.0.92 and 17 before 17.0.6, insufficiently sanitized user-supplied input allows authenticated OS command execution as the asterisk user.
How severe is CVE-2025-59051?
CVSS scoring is not yet available for CVE-2025-59051. Check NVD for updates.
Is there a patch for CVE-2025-59051?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.