ThreatCluster

Approximately 900 Sangoma FreePBX Systems Compromised via CVE-2025-64328

First seen 28 Feb 2026, 17:09 UTC X 91% similarity 41

Article Content

Browse articles
ThreatCluster

Approximately 900 Sangoma FreePBX systems are compromised due to CVE-2025-64328, a command injection vulnerability. This bug was patched in version 17.0.3, but many systems remain unpatched and vulnerable to exploitation. The vulnerability was added to the CISA KEV list on February 3, 2026, indicating active exploitation.

ThreatCluster AI

Timeline

2025-11-07
CVE-2025-64328 published
2025-11-16
First public PoC released
2026-02-03
CVE-2025-64328 added to CISA KEV (active exploitation)
2026-02-27
Warning issued about ~900 compromised Sangoma FreePBX systems
2026-02-28
Continued warnings about compromised systems

Community

Browse all →