{"id":"CVE-2025-59429","summary":"FreePBX core module vulnerable to reflected cross-site scripting via Asterisk HTTP Status page","details":"FreePBX is an open source GUI for managing Asterisk. In versions prior to 16.0.68.39 for FreePBX 16 and versions prior to 17.0.18.38 for FreePBX 17, a reflected cross-site scripting vulnerability is present on the Asterisk HTTP Status page. The Asterisk HTTP status page is exposed by FreePBX and is available by default on version 16 via any bound IP address at port 8088. By default on version 17, the binding is only to localhost IP, making it significantly less vulnerable. The vulnerability can be exploited by unauthenticated attackers to obtain cookies from logged-in users, allowing them to hijack a session of an administrative user. The theft of admin session cookies allows attackers to gain control over the FreePBX admin interface, enabling them to access sensitive data, modify system configurations, create backdoor accounts, and cause service disruption. This issue has been patched in version 16.0.68.39 for FreePBX 16 and version 17.0.18.38 for FreePBX 17.","aliases":["GHSA-c8g7-475j-fwcc"],"modified":"2026-04-10T05:33:21.666Z","published":"2025-10-14T19:26:02.072Z","database_specific":{"cwe_ids":["CWE-79"],"cna_assigner":"GitHub_M","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/59xxx/CVE-2025-59429.json"},"references":[{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/59xxx/CVE-2025-59429.json"},{"type":"ADVISORY","url":"https://github.com/FreePBX/security-reporting/security/advisories/GHSA-c8g7-475j-fwcc"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-59429"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/freepbx/core","events":[{"introduced":"0"},{"fixed":"54d2c83be0c0d6e1b14cf97a9cc0705478807a25"},{"introduced":"ff2b01b5f37c41e53bd774ec5f9dd15b07e2dd50"},{"fixed":"02a1f0d3783bd8f0f5d26a0db45df7b487dc366d"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"16.0.68.39"},{"introduced":"17.0.1"},{"fixed":"17.0.18.38"}]}}],"versions":["release/12.0.1alpha11","release/12.0.1alpha12","release/12.0.1alpha16","release/12.0.1alpha17","release/12.0.1alpha18","release/12.0.1alpha19","release/12.0.1alpha2","release/12.0.1alpha20","release/12.0.1alpha21","release/12.0.1alpha22","release/12.0.1alpha23","release/12.0.1alpha24","release/12.0.1alpha25","release/12.0.1alpha3","release/12.0.1alpha4","release/12.0.1alpha5","release/12.0.1alpha6","release/12.0.1alpha7","release/12.0.1alpha9","release/12.0.1beta10","release/12.0.1beta11","release/12.0.1beta3","release/12.0.1beta4","release/12.0.1beta5","release/12.0.1beta6","release/12.0.1beta7","release/12.0.1beta8","release/12.0.1beta9","release/12.0.1rc1","release/12.0.1rc2","release/12.0.1rc3","release/12.0.1rc4","release/12.0.1rc6","release/12.0.1rc7","release/13.0.10","release/13.0.11","release/13.0.13","release/13.0.14","release/13.0.15","release/13.0.16","release/13.0.17","release/13.0.18","release/13.0.19","release/13.0.1RC1.0","release/13.0.1RC1.1","release/13.0.1RC1.10","release/13.0.1RC1.11","release/13.0.1RC1.12","release/13.0.1RC1.13","release/13.0.1RC1.14","release/13.0.1RC1.15","release/13.0.1RC1.16","release/13.0.1RC1.2","release/13.0.1RC1.3","release/13.0.1RC1.4","release/13.0.1RC1.5","release/13.0.1RC1.6","release/13.0.1RC1.7","release/13.0.1RC1.8","release/13.0.1RC1.9","release/13.0.1alpha10","release/13.0.1alpha11","release/13.0.1alpha12","release/13.0.1alpha13","release/13.0.1alpha14","release/13.0.1alpha15","release/13.0.1alpha16","release/13.0.1alpha17","release/13.0.1alpha18","release/13.0.1alpha19","release/13.0.1alpha2","release/13.0.1alpha20","release/13.0.1alpha21","release/13.0.1alpha3","release/13.0.1alpha34","release/13.0.1alpha5","release/13.0.1alpha6","release/13.0.1alpha7","release/13.0.1alpha8","release/13.0.1alpha9","release/13.0.1beta1","release/13.0.1beta1.10","release/13.0.1beta1.11","release/13.0.1beta1.12","release/13.0.1beta1.13","release/13.0.1beta1.14","release/13.0.1beta1.15","release/13.0.1beta1.16","release/13.0.1beta1.17","release/13.0.1beta1.18","release/13.0.1beta1.19","release/13.0.1beta1.2","release/13.0.1beta1.20","release/13.0.1beta1.21","release/13.0.1beta1.22","release/13.0.1beta1.23","release/13.0.1beta1.24","release/13.0.1beta1.25","release/13.0.1beta1.26","release/13.0.1beta1.27","release/13.0.1beta1.28","release/13.0.1beta1.29","release/13.0.1beta1.3","release/13.0.1beta1.4","release/13.0.1beta1.5","release/13.0.1beta1.6","release/13.0.1beta1.7","release/13.0.1beta1.8","release/13.0.1beta1.9","release/13.0.2","release/13.0.20","release/13.0.21","release/13.0.22","release/13.0.23","release/13.0.24","release/13.0.25","release/13.0.26","release/13.0.27","release/13.0.28","release/13.0.29","release/13.0.3","release/13.0.30","release/13.0.31","release/13.0.33","release/13.0.34","release/13.0.35","release/13.0.36","release/13.0.37","release/13.0.38","release/13.0.38.1","release/13.0.38.2","release/13.0.39","release/13.0.4","release/13.0.40","release/13.0.41","release/13.0.42","release/13.0.43","release/13.0.44","release/13.0.45","release/13.0.46","release/13.0.47","release/13.0.48","release/13.0.49","release/13.0.5","release/13.0.50","release/13.0.51","release/13.0.52","release/13.0.53","release/13.0.54","release/13.0.55","release/13.0.56","release/13.0.57","release/13.0.58","release/13.0.59","release/13.0.6","release/13.0.60","release/13.0.61","release/13.0.62","release/13.0.63","release/13.0.65","release/13.0.66","release/13.0.67","release/13.0.68","release/13.0.69","release/13.0.7","release/13.0.70","release/13.0.71","release/13.0.72","release/13.0.73","release/13.0.74","release/13.0.75","release/13.0.76","release/13.0.77","release/13.0.78","release/13.0.79","release/13.0.8","release/13.0.80","release/13.0.81","release/13.0.82","release/13.0.83","release/13.0.84","release/13.0.85","release/13.0.86","release/13.0.9","release/14.0.1","release/14.0.1.1","release/14.0.1.10","release/14.0.1.11","release/14.0.1.12","release/14.0.1.13","release/14.0.1.14","release/14.0.1.15","release/14.0.1.16","release/14.0.1.17","release/14.0.1.18","release/14.0.1.19","release/14.0.1.2","release/14.0.1.21","release/14.0.1.22","release/14.0.1.23","release/14.0.1.24","release/14.0.1.25","release/14.0.1.3","release/14.0.1.4","release/14.0.1.5","release/14.0.1.7","release/14.0.1.8","release/14.0.1.9","release/14.0.1alpha1","release/14.0.1alpha10","release/14.0.1alpha11","release/14.0.1alpha12","release/14.0.1alpha13","release/14.0.1alpha14","release/14.0.1alpha15","release/14.0.1alpha16","release/14.0.1alpha2","release/14.0.1alpha3","release/14.0.1alpha4","release/14.0.1alpha5","release/14.0.1alpha6","release/14.0.1alpha7","release/14.0.1alpha8","release/14.0.1alpha9","release/14.0.1beta10","release/14.0.1beta2","release/14.0.1beta3","release/14.0.1beta4","release/14.0.1beta5","release/14.0.1beta7","release/14.0.1beta8","release/14.0.1beta9","release/14.0.1rc1","release/14.0.1rc1.1","release/14.0.1rc1.10","release/14.0.1rc1.11","release/14.0.1rc1.12","release/14.0.1rc1.2","release/14.0.1rc1.3","release/14.0.1rc1.4","release/14.0.1rc1.5","release/14.0.1rc1.6","release/14.0.1rc1.7","release/14.0.1rc1.8","release/14.0.1rc1.9","release/14.0.2","release/14.0.3","release/15.0.1alpha2","release/15.0.1alpha3","release/15.0.1beta1","release/15.0.1beta2","release/15.0.1beta3","release/15.0.1beta4","release/15.0.1beta5","release/15.0.1beta6","release/15.0.1beta7","release/15.0.1beta8","release/15.0.2","release/15.0.3.1","release/15.0.3.10","release/15.0.3.11","release/15.0.3.13","release/15.0.3.14","release/15.0.3.15","release/15.0.3.16","release/15.0.3.17","release/15.0.3.18","release/15.0.3.19","release/15.0.3.2","release/15.0.3.20","release/15.0.3.21","release/15.0.3.22","release/15.0.3.23","release/15.0.3.24","release/15.0.3.25","release/15.0.3.26","release/15.0.3.27","release/15.0.3.3","release/15.0.3.4","release/15.0.3.5","release/15.0.3.6","release/15.0.3.8","release/15.0.3.9","release/15.0.4","release/15.0.5","release/15.0.6","release/15.0.7","release/15.0.8","release/15.0.9","release/15.0.9.1","release/15.0.9.10","release/15.0.9.11","release/15.0.9.12","release/15.0.9.13","release/15.0.9.14","release/15.0.9.15","release/15.0.9.16","release/15.0.9.17","release/15.0.9.18","release/15.0.9.19","release/15.0.9.2","release/15.0.9.21","release/15.0.9.22","release/15.0.9.23","release/15.0.9.24","release/15.0.9.25","release/15.0.9.26","release/15.0.9.27","release/15.0.9.28","release/15.0.9.29","release/15.0.9.30","release/15.0.9.31","release/15.0.9.32","release/15.0.9.33","release/15.0.9.34","release/15.0.9.35","release/15.0.9.36","release/15.0.9.37","release/15.0.9.38","release/15.0.9.39","release/15.0.9.4","release/15.0.9.40","release/15.0.9.41","release/15.0.9.42","release/15.0.9.43","release/15.0.9.44","release/15.0.9.45","release/15.0.9.46","release/15.0.9.47","release/15.0.9.48","release/15.0.9.49","release/15.0.9.5","release/15.0.9.50","release/15.0.9.51","release/15.0.9.52","release/15.0.9.53","release/15.0.9.54","release/15.0.9.55","release/15.0.9.56","release/15.0.9.57","release/15.0.9.58","release/15.0.9.59","release/15.0.9.6","release/15.0.9.60","release/15.0.9.61","release/15.0.9.62","release/15.0.9.63","release/15.0.9.64","release/15.0.9.65","release/15.0.9.66","release/15.0.9.67","release/15.0.9.68","release/15.0.9.69","release/15.0.9.7","release/15.0.9.8","release/15.0.9.9","release/16.0.10","release/16.0.11","release/16.0.12","release/16.0.13","release/16.0.14","release/16.0.15","release/16.0.16","release/16.0.17","release/16.0.18","release/16.0.19","release/16.0.20","release/16.0.21","release/16.0.22","release/16.0.23","release/16.0.24","release/16.0.25","release/16.0.26","release/16.0.27","release/16.0.28","release/16.0.29","release/16.0.3","release/16.0.30","release/16.0.31","release/16.0.32","release/16.0.33","release/16.0.34","release/16.0.35","release/16.0.36","release/16.0.37","release/16.0.38","release/16.0.39","release/16.0.4","release/16.0.40","release/16.0.41","release/16.0.42","release/16.0.43","release/16.0.44","release/16.0.45","release/16.0.46","release/16.0.47","release/16.0.48","release/16.0.49","release/16.0.5","release/16.0.50","release/16.0.51","release/16.0.52","release/16.0.53","release/16.0.54","release/16.0.55","release/16.0.56","release/16.0.56.10","release/16.0.56.11","release/16.0.56.12","release/16.0.56.13","release/16.0.56.14","release/16.0.56.15","release/16.0.56.16","release/16.0.56.17","release/16.0.56.18","release/16.0.56.19","release/16.0.56.2","release/16.0.56.20","release/16.0.56.21","release/16.0.56.22","release/16.0.56.23","release/16.0.56.24","release/16.0.56.25","release/16.0.56.26","release/16.0.56.27","release/16.0.56.28","release/16.0.56.29","release/16.0.56.3","release/16.0.56.30","release/16.0.56.31","release/16.0.56.32","release/16.0.56.33","release/16.0.56.34","release/16.0.56.35","release/16.0.56.36","release/16.0.56.37","release/16.0.56.4","release/16.0.56.5","release/16.0.56.6","release/16.0.56.9","release/16.0.57","release/16.0.58","release/16.0.59","release/16.0.6","release/16.0.60","release/16.0.61","release/16.0.62","release/16.0.63","release/16.0.63.1","release/16.0.63.2","release/16.0.63.3","release/16.0.63.4","release/16.0.63.5","release/16.0.63.6","release/16.0.63.7","release/16.0.63.8","release/16.0.64","release/16.0.65","release/16.0.65.1","release/16.0.65.11","release/16.0.65.12","release/16.0.65.13","release/16.0.65.14","release/16.0.65.15","release/16.0.65.16","release/16.0.65.17","release/16.0.65.18","release/16.0.65.19","release/16.0.65.2","release/16.0.65.20","release/16.0.65.21","release/16.0.65.22","release/16.0.65.3","release/16.0.65.4","release/16.0.65.5","release/16.0.65.6","release/16.0.65.7","release/16.0.65.8","release/16.0.65.9","release/16.0.66","release/16.0.66.1","release/16.0.66.2","release/16.0.66.3","release/16.0.67","release/16.0.68","release/16.0.68.1","release/16.0.68.10","release/16.0.68.11","release/16.0.68.12","release/16.0.68.13","release/16.0.68.14","release/16.0.68.15","release/16.0.68.16","release/16.0.68.17","release/16.0.68.18","release/16.0.68.19","release/16.0.68.2","release/16.0.68.20","release/16.0.68.21","release/16.0.68.22","release/16.0.68.23","release/16.0.68.24","release/16.0.68.25","release/16.0.68.26","release/16.0.68.27","release/16.0.68.28","release/16.0.68.29","release/16.0.68.3","release/16.0.68.30","release/16.0.68.31","release/16.0.68.32","release/16.0.68.33","release/16.0.68.34","release/16.0.68.35","release/16.0.68.36","release/16.0.68.37","release/16.0.68.38","release/16.0.68.4","release/16.0.68.5","release/16.0.68.6","release/16.0.68.7","release/16.0.68.8","release/16.0.68.9","release/16.0.7","release/16.0.8","release/16.0.9","release/17.0.1","release/17.0.10","release/17.0.11","release/17.0.12","release/17.0.13","release/17.0.14","release/17.0.15","release/17.0.16","release/17.0.17","release/17.0.18","release/17.0.18.1","release/17.0.18.10","release/17.0.18.11","release/17.0.18.12","release/17.0.18.13","release/17.0.18.14","release/17.0.18.15","release/17.0.18.16","release/17.0.18.17","release/17.0.18.18","release/17.0.18.19","release/17.0.18.2","release/17.0.18.20","release/17.0.18.21","release/17.0.18.22","release/17.0.18.23","release/17.0.18.24","release/17.0.18.25","release/17.0.18.26","release/17.0.18.27","release/17.0.18.28","release/17.0.18.29","release/17.0.18.3","release/17.0.18.30","release/17.0.18.31","release/17.0.18.32","release/17.0.18.33","release/17.0.18.34","release/17.0.18.35","release/17.0.18.36","release/17.0.18.37","release/17.0.18.4","release/17.0.18.5","release/17.0.18.6","release/17.0.18.7","release/17.0.18.8","release/17.0.18.9","release/17.0.6","release/17.0.7","release/17.0.8","release/17.0.9","release/17.0.9.1","release/17.0.9.10","release/17.0.9.11","release/17.0.9.12","release/17.0.9.13","release/17.0.9.14","release/17.0.9.15","release/17.0.9.16","release/17.0.9.17","release/17.0.9.18","release/17.0.9.19","release/17.0.9.2","release/17.0.9.20","release/17.0.9.21","release/17.0.9.22","release/17.0.9.23","release/17.0.9.24","release/17.0.9.25","release/17.0.9.26","release/17.0.9.27","release/17.0.9.28","release/17.0.9.29","release/17.0.9.3","release/17.0.9.30","release/17.0.9.31","release/17.0.9.32","release/17.0.9.33","release/17.0.9.34","release/17.0.9.35","release/17.0.9.36","release/17.0.9.37","release/17.0.9.38","release/17.0.9.39","release/17.0.9.4","release/17.0.9.40","release/17.0.9.41","release/17.0.9.42","release/17.0.9.43","release/17.0.9.44","release/17.0.9.45","release/17.0.9.46","release/17.0.9.47","release/17.0.9.48","release/17.0.9.49","release/17.0.9.5","release/17.0.9.50","release/17.0.9.51","release/17.0.9.52","release/17.0.9.53","release/17.0.9.54","release/17.0.9.55","release/17.0.9.56","release/17.0.9.57","release/17.0.9.59","release/17.0.9.6","release/17.0.9.60","release/17.0.9.61","release/17.0.9.62","release/17.0.9.63","release/17.0.9.64","release/17.0.9.65","release/17.0.9.66","release/17.0.9.67","release/17.0.9.68","release/17.0.9.69","release/17.0.9.7","release/17.0.9.70","release/17.0.9.71","release/17.0.9.72","release/17.0.9.73","release/17.0.9.74","release/17.0.9.75","release/17.0.9.76","release/17.0.9.77","release/17.0.9.8","release/17.0.9.9"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-59429.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V4","score":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"}]}