Vulnerability description
FreePBX backdoor cleanup script used in 0-day exploitation of CVE-2025-57819 was detected.
id: freepbx-cleanup-backdoor

info:
  name: FreePBX - CVE-2025-57819 Backdoor
  severity: high
  author: darses
  description: |
    FreePBX backdoor cleanup script used in 0-day exploitation of CVE-2025-57819 was detected.
  metadata:
    verified: true
    max-request: 1
    vendor: sangoma
    product: freepbx
    shodan-query:
      - http.title:"FreePBX"
      - http.favicon.hash:-1908328911
      - http.favicon.hash:1574423538
    fofa-query:
      - title="FreePBX"
      - icon_hash="-1908328911"
      - icon_hash="1574423538"
  reference:
    - https://community.freepbx.org/t/security-advisory-please-lock-down-your-administrator-access/107203
  tags: backdoor,sangoma,freepbx,vuln

http:
  - method: GET
    path:
      - "{{BaseURL}}/.clean.sh"

    matchers-condition: and
    matchers:
      - type: word
        words:
          - "LOGS"
          - "Processing file"
          - "sed -i --follow-symlinks"
          - "/var/log/asterisk/freepbx_security.log"
        condition: and

      - type: status
        status:
          - 200

    extractors:
      - type: kval
        part: header
        kval:
          - last_modified
# digest: 4a0a00473045022100de3350c93cd22d8299a2f634f47abd366191321dc47d1e00ed97b1845e93051102206aa9e50539fc41b323c9b1cc9be32636d1e7060956c04d4ed7af931c341b37df:922c64590222798bb761d5b6d8e72950
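To make the template's matching rules concrete, the following is an added example (not part of the template, and not Nuclei's own code) that replays the same logic offline against captured HTTP responses: the two matchers are combined with `matchers-condition: and`, the word matcher requires all four indicator strings because of its own `condition: and`, and the `kval` extractor pulls the `Last-Modified` header (Nuclei normalises the header name to `last_modified`). The three responses are constructed stand-ins that carry only the indicator strings, so a defender can check how a response from their own host would be classified without any network access.

```python
"""Offline replay of the freepbx-cleanup-backdoor template's matchers.

Added example: mirrors the YAML matchers/extractors as Python data and applies
them to raw HTTP responses. The sample responses are constructed and contain
only the indicator strings from the template, not any real script content.
"""

from typing import Dict, List, Tuple

# Matchers and extractor, transcribed from the template.
MATCHERS: List[Dict[str, object]] = [
    {
        "type": "word",
        "words": [
            "LOGS",
            "Processing file",
            "sed -i --follow-symlinks",
            "/var/log/asterisk/freepbx_security.log",
        ],
        "condition": "and",  # every word must be present
    },
    {"type": "status", "status": [200]},
]
MATCHERS_CONDITION = "and"          # matchers-condition: and
KVAL_HEADERS = ["last_modified"]    # kval extractor, part: header


def parse_response(raw: bytes) -> Tuple[int, Dict[str, str], str]:
    """Split a raw HTTP/1.1 response into (status code, lowercased headers, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("utf-8", errors="replace").split("\r\n")
    status = int(lines[0].split(" ", 2)[1])
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers, body.decode("utf-8", errors="replace")


def run_matcher(m: Dict[str, object], status: int, body: str) -> bool:
    """Evaluate one matcher with Nuclei's defaults (word condition defaults to 'or')."""
    if m["type"] == "word":
        hits = [w in body for w in m["words"]]  # type: ignore[union-attr]
        return all(hits) if m.get("condition", "or") == "and" else any(hits)
    if m["type"] == "status":
        return status in m["status"]  # type: ignore[operator]
    raise ValueError(f"unsupported matcher type: {m['type']}")


def evaluate(raw: bytes) -> Dict[str, object]:
    """Return whether the response matches and the extracted header values."""
    status, headers, body = parse_response(raw)
    results = [run_matcher(m, status, body) for m in MATCHERS]
    matched = all(results) if MATCHERS_CONDITION == "and" else any(results)
    # kval maps "Last-Modified" to "last_modified"; reverse that to look the header up.
    extracted = {k: headers.get(k.replace("_", "-")) for k in KVAL_HEADERS}
    return {"matched": matched, "status": status, "extracted": extracted}


# Constructed sample 1: all four indicators, HTTP 200 -> should match.
HIT = (
    b"HTTP/1.1 200 OK\r\n"
    b"Content-Type: text/plain\r\n"
    b"Last-Modified: Mon, 01 Jan 2024 00:00:00 GMT\r\n"
    b"\r\n"
    b"LOGS\nProcessing file\nsed -i --follow-symlinks\n"
    b"/var/log/asterisk/freepbx_security.log\n"
)
# Constructed sample 2: HTTP 200 but only one indicator -> word matcher fails.
MISS_BODY = b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html>LOGS</html>"
# Constructed sample 3: all indicators but HTTP 404 -> status matcher fails.
MISS_STATUS = (
    b"HTTP/1.1 404 Not Found\r\n\r\n"
    b"LOGS Processing file sed -i --follow-symlinks /var/log/asterisk/freepbx_security.log"
)

if __name__ == "__main__":
    for label, sample in (("HIT", HIT), ("MISS_BODY", MISS_BODY), ("MISS_STATUS", MISS_STATUS)):
        print(label, evaluate(sample))
```

Because both matcher levels use `and`, a partial hit (a 200 page that happens to contain `LOGS`, or the full script served with a non-200 status) does not fire, which keeps the template's false-positive rate low; a defender who finds `matched` true for a response from their own server has the `last_modified` value as a first timeline anchor for the incident.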