CVE-2025-67722

7.8 HIGH

📋 TL;DR

This CVE describes an authenticated local privilege escalation vulnerability in FreePBX's deprecated amportal startup script. Attackers who are members of the asterisk group can create malicious files that execute with root permissions when amportal runs. This affects FreePBX installations prior to versions 16.0.45 and 17.0.24.

💻 Affected Systems

Products:
  • FreePBX
Versions: All versions prior to 16.0.45 and 17.0.24
Operating Systems: Linux systems running FreePBX
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems where users are members of the asterisk group and the deprecated amportal script is used.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise where an authenticated attacker gains root privileges, potentially leading to full control of the FreePBX server and adjacent systems.

🟠 Likely Case

Local privilege escalation allowing attackers to execute arbitrary code as root, modify system configurations, and access sensitive data.

🟢 If Mitigated

Limited impact with proper group membership controls and file monitoring in place.

🌐 Internet-Facing: LOW - This requires authenticated access and local system access.
🏢 Internal Only: HIGH - Internal users with asterisk group membership can exploit this vulnerability.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated access and membership in the asterisk group.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 16.0.45 and 17.0.24

Vendor Advisory: https://github.com/FreePBX/security-reporting/security/advisories/GHSA-p42w-v77m-hfp8

Restart Required: Yes

Instructions:

1. Update the FreePBX framework module to version 16.0.45 or 17.0.24 or later.
2. Restart affected services.
3. Verify the update was successful.

🔧 Temporary Workarounds

Remove unauthorized asterisk group members

Review the asterisk group's supplementary members and remove any untrusted users. Note that usermod -G replaces the user's full list of supplementary groups with the groups given, so list every group the user should keep and leave asterisk out:

grep '^asterisk:' /etc/group
sudo usermod -G <group1>,<group2> username

Monitor /etc/asterisk directory

Regularly check for suspicious files in the vulnerable directory:

ls -la /etc/asterisk/
find /etc/asterisk/ -type f -name 'freepbx_engine'

🧯 If You Can't Patch

  • Review and restrict asterisk group membership to trusted users only
  • Monitor /etc/asterisk directory for unauthorized file creation and set strict permissions

🔍 How to Verify

Check if Vulnerable:

Check the FreePBX framework version and list the members of the asterisk group:

fwconsole ma list | grep framework && grep '^asterisk:' /etc/group

Check Version:

fwconsole ma list | grep framework

Verify Fix Applied:

Verify that the FreePBX framework version is 16.0.45+ or 17.0.24+:

fwconsole ma list | grep framework
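The two checks above (framework version against the fixed releases, and who sits in the asterisk group, which is also the basis of the "Remove unauthorized asterisk group members" workaround) are easy to get wrong by eye, for example a plain string comparison sorts 16.0.9 after 16.0.45. The script below is an added example, not part of this advisory or of FreePBX; it takes the version string and the /etc/group text as arguments so it can run offline on constructed data, and on a real host you would feed it the output of fwconsole ma list | grep framework and grep '^asterisk:' /etc/group. The sample group file and the allowlist of expected members are constructed assumptions.

```shell
#!/bin/sh
# Added example (not from the advisory or the FreePBX project): offline helpers for the
# two verification steps, version-fixed check and asterisk group membership review.

# framework_is_fixed VERSION
#   prints "yes" if VERSION is 16.0.45+ or 17.0.24+ on its branch, "no" for an earlier
#   build of those branches, and "unknown" for any branch the advisory does not describe.
framework_is_fixed() {
  major=$(printf '%s' "$1" | cut -d. -f1)
  minor=$(printf '%s' "$1" | cut -d. -f2)
  patch=$(printf '%s' "$1" | cut -d. -f3)
  case "$major.$minor" in
    16.0) fixed=45 ;;   # fixed release on the 16 branch (from the advisory)
    17.0) fixed=24 ;;   # fixed release on the 17 branch (from the advisory)
    *) echo unknown; return 0 ;;
  esac
  # numeric comparison, so 16.0.9 is correctly treated as older than 16.0.45
  if [ "${patch:-0}" -ge "$fixed" ]; then echo yes; else echo no; fi
}

# group_members GROUP_FILE_TEXT
#   prints the supplementary members of the asterisk group (fourth field of its
#   /etc/group line), one per line; prints nothing when there are none.
group_members() {
  printf '%s\n' "$1" | awk -F: '$1 == "asterisk" && $4 != "" {
    n = split($4, m, ",")
    for (i = 1; i <= n; i++) print m[i]
  }'
}

# unexpected_members GROUP_FILE_TEXT ALLOWLIST
#   prints asterisk group members that are not in the space-separated ALLOWLIST;
#   these are the accounts to review and, if untrusted, remove with usermod.
unexpected_members() {
  group_members "$1" | while IFS= read -r user; do
    case " $2 " in
      *" $user "*) ;;                 # expected member, nothing to report
      *) printf '%s\n' "$user" ;;     # not on the allowlist
    esac
  done
}

# Constructed sample /etc/group content and allowlist (assumptions, not from a real host).
SAMPLE_GROUP='root:x:0:
asterisk:x:995:www-data,alice,contractor
audio:x:29:alice'
EXPECTED_MEMBERS='www-data alice'

echo "16.0.44 fixed? $(framework_is_fixed 16.0.44)"
echo "17.0.24 fixed? $(framework_is_fixed 17.0.24)"
echo "asterisk group members not on the allowlist:"
unexpected_members "$SAMPLE_GROUP" "$EXPECTED_MEMBERS"
```

On a live system, pass the version column you read from fwconsole ma list | grep framework to framework_is_fixed, and "$(grep '^asterisk:' /etc/group)" to unexpected_members together with the accounts your deployment legitimately needs in that group.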

📡 Detection & Monitoring

Log Indicators:

  • Unexpected file creation in /etc/asterisk/
  • Suspicious amportal script execution

Network Indicators:

  • None - this is a local privilege escalation

SIEM Query:

File creation events in /etc/asterisk/ directory or amportal process execution
