Hackers actively exploit zero-day vulnerability in FreePBX

28.08.2025 2 minutes Author: Newsman

Sangoma has warned of a zero-day vulnerability in FreePBX that hackers are already using in attacks. Every system whose admin panel is openly accessible from the Internet is at risk.

FreePBX is a popular open-source platform based on Asterisk, which is used by businesses, call centers and providers to manage telephony. On August 21, attackers began to actively exploit the vulnerability in the admin panel.

Among the signs of compromise:

the absence or modification of the file /etc/freepbx.conf,
the appearance of the script /var/www/html/.clean.sh,
suspicious entries in the Apache logs for modular.php,
unusual calls to the extension 9998,
unauthorized accounts in the ampusers table.
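
A file-based triage of the indicators above, as an added example (not code from Sangoma or from this article). The log paths and the Asterisk log line format it matches are assumptions; the ampusers check needs database access and is left out.

```shell
#!/bin/sh
# Added example: file-based triage for the indicators listed above.
# Assumed paths (not from the article): Apache access logs under
# /var/log/httpd or /var/log/apache2, Asterisk log at /var/log/asterisk/full.
# Pass a root directory to scan a mounted disk image instead of the live host.

count_matches() {  # count_matches PATTERN FILE -> prints match count, 0 if unreadable
    if [ -r "$2" ]; then grep -c -- "$1" "$2" || true; else echo 0; fi
}

check_freepbx_iocs() {
    root="${1:-/}"; root="${root%/}"
    # Absence is checkable; modification needs a known-good copy to diff against.
    [ -f "$root/etc/freepbx.conf" ] || echo "IOC: /etc/freepbx.conf is missing"
    [ ! -e "$root/var/www/html/.clean.sh" ] || echo "IOC: /var/www/html/.clean.sh exists"

    # Only current logs are read; rotated or compressed logs need the same grep.
    for log in var/log/httpd/access_log var/log/apache2/access.log; do
        n=$(count_matches 'modular\.php' "$root/$log")
        [ "$n" -eq 0 ] || echo "IOC: $n request(s) for modular.php in /$log"
    done

    # Assumes dialplan execution lines ("Executing [exten@context:prio]") are logged.
    n=$(count_matches '\[9998@' "$root/var/log/asterisk/full")
    [ "$n" -eq 0 ] || echo "IOC: $n dialplan hit(s) on extension 9998"
    return 0
}

check_freepbx_iocs "${1:-/}"
```

No output means none of these file-based indicators matched; it does not cover a modified /etc/freepbx.conf or accounts added to ampusers.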

The first to confirm the incident were users who reported compromised servers with thousands of SIP extensions and hundreds of trunks. The attackers were able to execute arbitrary commands as the Asterisk user.

Sangoma has already released an EDGE fix for the modules and promises to distribute a full patch in the coming hours. Those who cannot upgrade because their support contract has expired are advised to block access to the Administrator Control Panel (ACP) and check their systems for signs of compromise.

FreePBX is widely used around the world because of its flexibility and free model. However, its openness and popularity make the platform an attractive target for attacks. Similar incidents have occurred in the past, when vulnerabilities in VoIP systems led to theft of funds through fraudulent calls.

This time the scale is serious: companies report thousands of compromised accounts and possible financial losses from international call traffic. It confirms once again that administration interfaces left open to the Internet without protection are a critical security flaw.

The exploitation of the zero-day vulnerability in FreePBX highlights the need to update systems promptly, monitor logs carefully, and isolate critical panels from the Internet. Administrators are advised to apply the update immediately or disable access to the ACP to avoid further compromise.
