Approximately 900 Sangoma FreePBX Systems Compromised via CVE-2025-64328
First seen 28 Feb 2026, 17:09 UTC
•
•91% similarity
•41
Share:
Export
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
Browse articles
Approximately 900 Sangoma FreePBX systems are compromised due to CVE-2025-64328, a command injection vulnerability. This bug was patched in version 17.0.3, but many systems remain unpatched and vulnerable to exploitation. The vulnerability was added to the CISA KEV list on February 3, 2026, indicating active exploitation.
ThreatCluster AI
Timeline
2025-11-07
CVE-2025-64328 published
2025-11-16
First public PoC released
2026-02-03
CVE-2025-64328 added to CISA KEV (active exploitation)
2026-02-27
Warning issued about ~900 compromised Sangoma FreePBX systems
2026-02-28
Continued warnings about compromised systems