CVE-2025-64328

Analyzed

Published: 07 Nov 2025, 03:32

Last modified:03 Feb 2026, 17:20

Vulnerability Summary

Overall Risk (default)

medium

49/100

CVSS Score

8.6 HIGH

v4.0 (cve.org)

EPSS Score

20.56% HIGH

21% probability +20.10%

KEV

Listed

CISA

1 listing

Ransomware

No reports

Public exploits

2 found

Dark Web

Not detected

Timeline

07 Nov 2025, 03:32

Published

Vulnerability first disclosed

03 Feb 2026, 00:00

Added to CISA KEV

Sangoma FreePBX OS Command Injection Vulnerability

03 Feb 2026, 17:20

Last Modified

Vulnerability information updated

24 Feb 2026, 00:00

CISA Remediation Due

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Description

CVSS Metrics

EPSS Trends

Weaknesses (CWE)

KEV Details

Exploits (2)

Affected Systems

References (5)