Zero-Day Vulnerability in FreePBX Actively Exploited, Urgent Patching Required

The Sangoma FreePBX Security Team has issued an advisory regarding an actively exploited zero-day vulnerability in FreePBX, a widely used open-source Private Branch Exchange (PBX) system. The vulnerability affects systems with an exposed Admin Control Panel (ACP) to the public internet. FreePBX is utilized by businesses, call centers, and service providers for managing voice communications. The exposure of the ACP to the internet poses a significant risk, as attackers can exploit this vulnerability to gain unauthorized access, potentially leading to eavesdropping, unauthorized call routing, or complete system takeover. Given the widespread use of FreePBX, the impact of this vulnerability is substantial, affecting numerous organizations that rely on this system for their communication needs. Organizations using FreePBX are strongly advised to immediately check if their ACP is exposed to the internet and apply any available patches or mitigations. Additional security measures, such as restricting access to trusted IP addresses and implementing network segmentation and intrusion detection systems, should also be considered to mitigate the risk of exploitation. This zero-day vulnerability underscores the importance of maintaining robust security practices, particularly for systems that manage critical communication infrastructure.