CVE-2025-64328 is a Sangoma FreePBX operating-system command injection vulnerability that CISA added to its Known Exploited Vulnerabilities catalog on 2026-02-03. That listing means the issue is considered actively exploited in the wild, so defensive action should be prioritized immediately. The supplied corpus does not include affected versions, CVSS scoring, or vendor advisory text, so remediation shoul [truncated]
CVE-2019-19006 is a Sangoma FreePBX improper authentication vulnerability that CISA added to the Known Exploited Vulnerabilities (KEV) catalog on 2026-02-03. The available source corpus does not provide detailed exploit mechanics, but it does confirm this issue is considered known exploited and that remediation should follow vendor guidance. CISA’s KEV entry also points to a Sangoma/FreePBX vendor note ti [truncated]
CVE-2025-57819 is a Sangoma FreePBX authentication bypass vulnerability that CISA added to its Known Exploited Vulnerabilities catalog on 2025-08-29. Because it is in KEV, defenders should treat it as an active-exploitation risk and move quickly to vendor-directed mitigation, patching, or removal if mitigation is not possible.
