
In August 2025, a critical zero-day vulnerability was discovered in FreePBX, the open-source VoIP platform used by thousands of organizations worldwide. Attackers exploited a flaw in the system’s web interface to gain remote access without authentication, allowing them to execute arbitrary commands and potentially pivot into other parts of the network. The vulnerability was severe enough to prompt an emergency patch and widespread alerts from security researchers and agencies.
What You Need to Know About the Exploit
The attack targeted FreePBX servers exposed to the internet, particularly those lacking proper firewall restrictions. Once compromised, attackers could:
- Modify call routing and dial plans
- Initiate unauthorized outbound calls (often to premium-rate numbers)
- Install persistent backdoors via cron jobs or modified system files
- Use the server as a launchpad for lateral movement across the network
How to Check If You’ve Been Affected
If you’re running FreePBX, here are key steps to take immediately:
- Review Call Logs: Look for unusual outbound traffic, especially to international or high-cost numbers.
- Audit Access Logs: Check for logins from unfamiliar IP addresses or at odd hours.
- Inspect Configuration Files: Look for unauthorized changes in /etc/asterisk/ and /var/www/html/admin/.
- Scan for Suspicious Cron Jobs: Attackers often use scheduled tasks to maintain access.
- Monitor Network Traffic: Watch for outbound connections to known malicious IPs or command-and-control infrastructure.
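The file and cron checks from the list above can be scripted for a quick first pass. This is an added example, not code from the original post or from the FreePBX project; the 7-day window, the cron locations and the function names are assumptions to adjust for your host.

```shell
#!/bin/sh
# Added example (not from the original post): first-pass triage helpers.
# Assumptions: 7-day look-back window; standard Linux cron locations.

# Print files under the given directories modified in the last N days.
recent_changes() {
    rc_days="$1"; shift
    for rc_dir in "$@"; do
        [ -d "$rc_dir" ] || continue          # skip paths that do not exist
        find "$rc_dir" -type f -mtime "-$rc_days" -print 2>/dev/null || true
    done | sort
    return 0
}

# Print every active (non-blank, non-comment) line from the given cron
# files or directories, prefixed with the file it came from.
active_cron_lines() {
    for ac_target in "$@"; do
        [ -e "$ac_target" ] || continue
        find "$ac_target" -type f -print 2>/dev/null |
        while IFS= read -r ac_file; do
            grep -HEv '^[[:space:]]*(#|$)' "$ac_file" 2>/dev/null || true
        done
    done
    return 0
}

# Run the checks against the directories named in the list above.
freepbx_triage() {
    echo "== Files changed in the last 7 days =="
    recent_changes 7 /etc/asterisk /var/www/html/admin
    echo "== Active cron entries (review each one) =="
    active_cron_lines /etc/crontab /etc/cron.d /var/spool/cron
}

# Only run when invoked as: sh triage.sh run   (run as root to read all crontabs)
if [ "${1:-}" = "run" ]; then
    freepbx_triage
fi
```

Modification times can be reset by anyone with write access, so an empty result does not clear the host; confirm against a known-good backup or file-integrity baseline.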
If you work with a managed service provider (MSP), ask them to:
- Confirm the emergency patch has been applied
- Restrict public access to the FreePBX interface using firewall rules
- Conduct a full log and file integrity review
- Scan for malware or indicators of compromise
- Assess whether attackers may have moved laterally into other systems
Why Moving to RingCentral Is a Smarter Long-Term Strategy
While FreePBX offers flexibility, it also places the burden of security, patching, and monitoring squarely on your shoulders—or your MSP’s. That’s why Compass Lane recommends and supports RingCentral, a cloud-based VoIP solution that eliminates many of the risks associated with self-hosted systems.
With RingCentral:
- No Public Exposure: Your VoIP infrastructure isn’t sitting on the open internet.
- Automatic Security Updates: Vulnerabilities are patched by RingCentral’s dedicated security team.
- Built-In Redundancy and Uptime: You don’t have to worry about server maintenance or failover.
- Centralized Access Controls: Permissions and user roles are easy to manage and audit.
In short, RingCentral removes the attack surface that made the FreePBX exploit possible. It’s a secure, scalable, and fully managed solution—ideal for public sector organizations, first responders, and municipalities who can’t afford downtime or data breaches.
If you’re still running FreePBX, now is the time to reassess. Compass Lane can help you evaluate your current setup, secure it, and transition to a safer, cloud-based alternative.