August 27, 2025 By Lawrence Abrams
The Sangoma FreePBX Security Team is warning about an actively exploited FreePBX zero-day vulnerability that impacts systems with the Administrator Control Panel (ACP) is exposed to the internet.
FreePBX is an open-source PBX (Private Branch Exchange) platform built on top of Asterisk, widely used by businesses, call centers, and service providers to manage voice communications, extensions, SIP trunks, and call routing.
In an advisory posted to the FreePBX forums, the Sangoma FreePBX Security Team warned that since August 21, hackers have been exploiting a zero-day vulnerability in exposed FreePBX administrator control panels.
"The Sangoma FreePBX Security Team is aware of a potential exploit affecting some systems with the administrator control panel exposed to the public internet, and we are working on a fix, with expected deployment within the next 36 hours," reads the forum post.
"Users are advised to limit access to the FreePBX Administrator by using the Firewall module to limit access to only known trusted hosts."
