π¨ FreePBX SQL Injection & RCE (CVE-2025-57819): I built a safe, read-only checker.
Over the weekend I analyzed a critical SQLi path in a FreePBX AJAX endpoint on a test environment and confirmed which parameters are vulnerable. The result: a compact FreePBX SQL Injection Checker that safely tells you whether your PBX could be at risk of RCE and full server compromise - without writing to the database.
Whatβs inside?
βͺοΈ Read-only diagnostics (error/boolean/time-based).
βͺοΈ Focus on potential vulnerable parameters in /admin/ajax.php.
βͺοΈ Clear per-parameter verdicts + JSON report for CI/IR.
βͺοΈ Proxy-friendly (Burp/ZAP), easy to script, easy to review.
Why it matters?
Unpatched SQLi on an Internet-exposed PBX is a straight line to RCE => call interception, credential theft, lateral movement, and full business impact.
Get it here:
π GitHub: https://github.com/xV4nd3Rx/CVE-2025-57819_FreePBX-PoC
Use it only on systems you own or are authorized to test. Feedback and PRs welcome!
Over the weekend I analyzed a critical SQLi path in a FreePBX AJAX endpoint on a test environment and confirmed which parameters are vulnerable. The result: a compact FreePBX SQL Injection Checker that safely tells you whether your PBX could be at risk of RCE and full server compromise - without writing to the database.
Whatβs inside?
βͺοΈ Read-only diagnostics (error/boolean/time-based).
βͺοΈ Focus on potential vulnerable parameters in /admin/ajax.php.
βͺοΈ Clear per-parameter verdicts + JSON report for CI/IR.
βͺοΈ Proxy-friendly (Burp/ZAP), easy to script, easy to review.
Why it matters?
Unpatched SQLi on an Internet-exposed PBX is a straight line to RCE => call interception, credential theft, lateral movement, and full business impact.
Get it here:
π GitHub: https://github.com/xV4nd3Rx/CVE-2025-57819_FreePBX-PoC
Use it only on systems you own or are authorized to test. Feedback and PRs welcome!
GitHub
GitHub - xV4nd3Rx/CVE-2025-57819_FreePBX-PoC: Safe, read-only SQL Injection checker for FreePBX (CVE-2025-57819), using error/boolean/timeβ¦
Safe, read-only SQL Injection checker for FreePBX (CVE-2025-57819), using error/boolean/time-based techniques with per-parameter verdicts and JSON reporting. - xV4nd3Rx/CVE-2025-57819_FreePBX-PoC
π1π₯1
π¨ FreePBX SQLi & RCE (CVE-2025-57819) - v1.1.0 Updated!
Read-only checker update: multi-host scans + structured output for fast CI/IR.
Usage:
ποΈ -L / --list - scan hosts from a .txt (one per line, # = comment)
π Per-host JSON reports β out/ (--out-dir)
π΄ vulnerable.txt - quick list of vulnerable hosts + params
β±οΈ --delay - pause between hosts (default 1.5s)
π‘οΈ Read-only checks (error/boolean/time-based). Proxy-friendly (Burp/ZAP).
Get it here:
π GitHub:
π https://github.com/xV4nd3Rx/CVE-2025-57819_FreePBX-PoC
Read-only checker update: multi-host scans + structured output for fast CI/IR.
Usage:
ποΈ -L / --list - scan hosts from a .txt (one per line, # = comment)
π Per-host JSON reports β out/ (--out-dir)
π΄ vulnerable.txt - quick list of vulnerable hosts + params
β±οΈ --delay - pause between hosts (default 1.5s)
π‘οΈ Read-only checks (error/boolean/time-based). Proxy-friendly (Burp/ZAP).
Get it here:
π GitHub:
π https://github.com/xV4nd3Rx/CVE-2025-57819_FreePBX-PoC
GitHub
GitHub - xV4nd3Rx/CVE-2025-57819_FreePBX-PoC: Safe, read-only SQL Injection checker for FreePBX (CVE-2025-57819), using error/boolean/timeβ¦
Safe, read-only SQL Injection checker for FreePBX (CVE-2025-57819), using error/boolean/time-based techniques with per-parameter verdicts and JSON reporting. - xV4nd3Rx/CVE-2025-57819_FreePBX-PoC
π₯4
π Kali Linux 2025.3 Released - New Tools & Wi-Fi Enhancements
The latest update to Kali Linux is here, bringing powerful new tools, Wi-Fi improvements, and NetHunter updates.
π§ Whatβs New
β’ 10 new tools: Caido, DiE, Gemini CLI, krbrelayx, ligolo-mp, llm-tools-nmap, mcp-kali-server, patchleaks, vwifi-dkms, and more.
β’ Wi-Fi & Nexmon: Expanded support for Broadcom/Cypress chips with monitor & injection modes.
β’ Kali NetHunter: New device support (Samsung S10), CARsenal improvements, UI fixes.
β’ Xfce VPN panel: More flexible IP copy options.
β’ ARMel dropped, Magisk kernel modules added (experimental).
π How to Update
For those updating from a previous version, you can use the following commands to upgrade to the latest version.
The latest update to Kali Linux is here, bringing powerful new tools, Wi-Fi improvements, and NetHunter updates.
π§ Whatβs New
β’ 10 new tools: Caido, DiE, Gemini CLI, krbrelayx, ligolo-mp, llm-tools-nmap, mcp-kali-server, patchleaks, vwifi-dkms, and more.
β’ Wi-Fi & Nexmon: Expanded support for Broadcom/Cypress chips with monitor & injection modes.
β’ Kali NetHunter: New device support (Samsung S10), CARsenal improvements, UI fixes.
β’ Xfce VPN panel: More flexible IP copy options.
β’ ARMel dropped, Magisk kernel modules added (experimental).
π How to Update
For those updating from a previous version, you can use the following commands to upgrade to the latest version.
echo "deb http://http.kali.org/kali kali-rolling main contrib non-free non-free-firmware" | sudo tee /etc/apt/sources.list
sudo apt update && sudo apt -y full-upgrade
cp -vrbi /etc/skel/. ~/
[ -f /var/run/reboot-required ] && sudo reboot -f
π₯3β€1
CorsairAPI - async, OpenAPI-aware recon & payload generator for APIs.
It auto-discovers Swagger/OpenAPI, parses robots/sitemap, probes subdomains, and exports clean artifacts (results.csv, oas_endpoints.txt, oas_payloads.jsonl) for Burp/ZAP or pipelines.
Why itβs handy?
π Smart discovery (OpenAPI, HTML hints, robots/sitemap)
βοΈ Modes: stealth / medium / aggressive
π€ Interactive setup (mode, UA, depth) or pure CLI
π§ͺ Schema-driven request/payload generation
π CSV now logs findings even with depth=0 (incl. found tags)
Get it here π https://github.com/xV4nd3Rx/CorsairAPI
Stars & feedback welcome! β
It auto-discovers Swagger/OpenAPI, parses robots/sitemap, probes subdomains, and exports clean artifacts (results.csv, oas_endpoints.txt, oas_payloads.jsonl) for Burp/ZAP or pipelines.
Why itβs handy?
π Smart discovery (OpenAPI, HTML hints, robots/sitemap)
βοΈ Modes: stealth / medium / aggressive
π€ Interactive setup (mode, UA, depth) or pure CLI
π§ͺ Schema-driven request/payload generation
π CSV now logs findings even with depth=0 (incl. found tags)
Get it here π https://github.com/xV4nd3Rx/CorsairAPI
Stars & feedback welcome! β
π₯3β‘1
Metasploit Weekly Wrap-Up - Sep 26, 2025
𧩠Cron Persistence refresh - cron-based persistence now aligned with the new persistence mixin (multi/persistence/cron). Cleaner internals, same effect.
π₯ FreePBX /admin/ajax.php SQLi β RCE (CVE-2025-57819) - new module (unix/http/freepbx_unauth_sqli_to_rce) abuses SQLi to write a cron job for code execution. Auth bypass + SQLi chain, wide impact on v15/16/17. Patch fast.
Update with msfupdate and read the full wrap-up here π https://www.rapid7.com/blog/post/pt-metasploit-wrap-up-09-26-2025
𧩠Cron Persistence refresh - cron-based persistence now aligned with the new persistence mixin (multi/persistence/cron). Cleaner internals, same effect.
π₯ FreePBX /admin/ajax.php SQLi β RCE (CVE-2025-57819) - new module (unix/http/freepbx_unauth_sqli_to_rce) abuses SQLi to write a cron job for code execution. Auth bypass + SQLi chain, wide impact on v15/16/17. Patch fast.
Update with msfupdate and read the full wrap-up here π https://www.rapid7.com/blog/post/pt-metasploit-wrap-up-09-26-2025
π₯4β‘1π1
π© The Huntress CTF is back!
π΅οΈββοΈ Now in its third year, the competition runs October 1 β October 31 with new challenges every single day.
π» Free to play. Register anytime β even while the game is live!
β³ Play at your own pace, whenever you want.
π Sign up here: ctf.huntress.com
π΅οΈββοΈ Now in its third year, the competition runs October 1 β October 31 with new challenges every single day.
π» Free to play. Register anytime β even while the game is live!
β³ Play at your own pace, whenever you want.
π Sign up here: ctf.huntress.com
β€3π2π₯2
π¨ Break into Cybersecurity for FREE π¨
Want to become a SOC Analyst but donβt know where to start?
Here are free certifications & learning paths to kickstart your career β¬οΈ
β Cisco β Security Operations Center (SOC)
β Cisco β Junior Cybersecurity Analyst
β TryHackMe β SOC Level 1
β LetsDefend β SOC Analyst Learning Path
β Splunk β Free training on monitoring & SIEM
No excuses now β these resources can help you build real SOC skills without spending a money πΈ
π Save this list & start your SOC journey today.
Want to become a SOC Analyst but donβt know where to start?
Here are free certifications & learning paths to kickstart your career β¬οΈ
β Cisco β Security Operations Center (SOC)
β Cisco β Junior Cybersecurity Analyst
β TryHackMe β SOC Level 1
β LetsDefend β SOC Analyst Learning Path
β Splunk β Free training on monitoring & SIEM
No excuses now β these resources can help you build real SOC skills without spending a money πΈ
π Save this list & start your SOC journey today.
β€3π₯3π1
π’FREE COMPTIA EXAM VOUCHER!π’
CompTIA launched a new certification (CompTIA SecAI+) and is offering FREE vouchers for those that qualify.
Domains & weights:
β1) Basic AI Concepts Related to Cyber β 17%
β2) Securing AI Systems β 40%
β3) AI-assisted Security β 24%
β4) AI Governance, Risk & Compliance β 19%
β Check eligibility and register here: https://lnkd.in/diQcCAn4
If you qualify, take, and pass the beta exam, you will earn the new CompTIA SecAI+ certification at no cost.
π Take the beta exam by October 17, 2025, to receive an incentive.
β³ The beta exam period ends on October 31, 2025.
CompTIA launched a new certification (CompTIA SecAI+) and is offering FREE vouchers for those that qualify.
Domains & weights:
β1) Basic AI Concepts Related to Cyber β 17%
β2) Securing AI Systems β 40%
β3) AI-assisted Security β 24%
β4) AI Governance, Risk & Compliance β 19%
β Check eligibility and register here: https://lnkd.in/diQcCAn4
If you qualify, take, and pass the beta exam, you will earn the new CompTIA SecAI+ certification at no cost.
π Take the beta exam by October 17, 2025, to receive an incentive.
β³ The beta exam period ends on October 31, 2025.
π€3β€2π1