CVE-2025-64328

Over 900 Sangoma FreePBX instances remain compromised after attackers exploited CVE-2025-64328, a critical command injection vulnerability. Update to version 17.0.3 immediately.

Severity

high

CVSS Score

8.6 / 10

Published

Feb 28, 2026

Affected Products

›If you run FreePBX version 17.0.2.36 or earlier

Full Analysis

900+ FreePBX Phone Systems Hacked via Critical Command Injection Flaw

Deep-dive: technical breakdown, real-world impact, complete remediation steps, and expert context.

Read the full report →

← All threat reports All articles