Nixpkgs Security Tracker

Dismissed

Permalink CVE-2025-59051

updated 1 month, 1 week ago by @LeSuisse Activity log

Created automatic suggestion 1 month, 1 week ago
@LeSuisse removed
11 packages
- rubyPackages.indieweb-endpoints
- rubyPackages_3_1.indieweb-endpoints
- rubyPackages_3_2.indieweb-endpoints
- rubyPackages_3_3.indieweb-endpoints
- rubyPackages_3_4.indieweb-endpoints
- rubyPackages_4_0.indieweb-endpoints
- python313Packages.alibabacloud-endpoint-util
- python314Packages.alibabacloud-endpoint-util
- python312Packages.azure-synapse-managedprivateendpoints
- python313Packages.azure-synapse-managedprivateendpoints
- python314Packages.azure-synapse-managedprivateendpoints
1 month, 1 week ago
@LeSuisse dismissed 1 month, 1 week ago

FreePBX Endpoint Manager command injection via Network Scanning feature

The FreePBX Endpoint Manager module includes a Network Scanning feature that provides web-based access to nmap functionality for network device discovery. In Endpoint Manager 16 before 16.0.92 and 17 before 17.0.6, insufficiently sanitized user-supplied input allows authenticated OS command execution as the asterisk user. Authentication with a known username is required. Updating to Endpoint Manager 16.0.92 or 17.0.6 addresses the issue.

References

https://github.com/FreePBX/security-reporting/security/advisories/GHSA-qgj3-f9gj-98v9 x_refsource_CONFIRM
https://github.com/FreePBX/security-reporting/security/advisories/GHSA-qgj3-f9gj-98v9 x_refsource_CONFIRM

Affected products

endpoint

==< 16.0.92
==>= 17.0.0, < 17.0.6

security-reporting

==< 16.0.92
==>= 17.0.0, < 17.0.6

Not present in nixpkgs

Suggestion detail

References

Affected products