freepbx-cleanup-backdoor: FreePBX - CVE-2025-57819 Backdoor

Date: 2025-08-01 | Affected software: FreePBX | PoC: public

Vulnerability description

Detects the FreePBX backdoor cleanup script (served as `.clean.sh` from the web root) that was used in 0-day exploitation of CVE-2025-57819.

PoC code [public] (Nuclei template)

id: freepbx-cleanup-backdoor

info:
  name: FreePBX - CVE-2025-57819 Backdoor
  severity: high
  author: darses
  description: |
    A FreePBX backdoor cleanup script used in 0-day exploitation of CVE-2025-57819 was detected.
  metadata:
    verified: true
    max-request: 1
    vendor: sangoma
    product: freepbx
    shodan-query:
      - http.title:"FreePBX"
      - http.favicon.hash:-1908328911
      - http.favicon.hash:1574423538
    fofa-query:
      - title="FreePBX"
      - icon_hash="-1908328911"
      - icon_hash="1574423538"
  reference:
    - https://community.freepbx.org/t/security-advisory-please-lock-down-your-administrator-access/107203
  tags: backdoor,sangoma,freepbx

http:
  - method: GET
    path:
      - "{{BaseURL}}/.clean.sh"

    matchers-condition: and
    matchers:
      - type: word
        words:
          - "LOGS"
          - "Processing file"
          - "sed -i --follow-symlinks"
          - "/var/log/asterisk/freepbx_security.log"
        condition: and

      - type: status
        status:
          - 200

    extractors:
      - type: kval
        part: header
        kval:
          - last_modified
# digest: 4a0a004730450220136f30812bce7207a776f5fe3aa1773b1e60d9fbc185d4b08aed91e115ab18b802210096b696e81d07666cdd998dba763506655c76ea36b9ea641cc61eaa0e211adcfd:922c64590222798bb761d5b6d8e72950
