CVE-2025-67736 – FreePBX tts Module Authenticated SQL Injection
“A hidden database injection inside a voice feature can open the door to full system control.”
This patch addresses a security issue in the FreePBX Text-to-Speech (tts) module that allowed an authenticated administrator to perform SQL injection through the FreePBX Administration Control Panel. The vulnerability affects FreePBX tts module versions prior to 16.0.5 and 17.0.5. An attacker with administrative access could manipulate database queries, potentially extracting sensitive data and executing commands on the underlying system. In some scenarios this could allow code execution as the asterisk service account, with potential escalation to root, placing the entire telephony platform at risk.
The issue is tracked as CVE-2025-67736 with a CVSS score of 8.6 (High). It is exploitable over the network with low attack complexity, but requires administrator privileges. The patch strengthens input validation and database query handling in the tts module so that attacker-controlled input can no longer alter the SQL commands that are executed.
No verified reports of active exploitation or zero-day attacks were confirmed.
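The practical first step for a defender is to confirm whether the installed tts module falls in the affected ranges given above. The following is an added example, not code from the advisory or from the FreePBX project: it parses a constructed sample of the table printed by `fwconsole ma list` (the column layout is assumed; compare it with your own system's output) and applies the branch-specific fixed versions 16.0.5 and 17.0.5. Branches the advisory does not mention (for example 15.x) are reported as "not covered" rather than guessed at.

```python
import re

# Fixed versions per release branch, taken from the advisory text.
FIXED_VERSIONS = {16: (16, 0, 5), 17: (17, 0, 5)}

# Constructed sample resembling the output of `fwconsole ma list`
# (layout assumed; verify against a real system before relying on it).
SAMPLE_MODULE_LIST = """\
+-------------+---------+----------+---------+
| Module      | Version | Status   | License |
+-------------+---------+----------+---------+
| core        | 16.0.68 | Enabled  | GPLv3+  |
| tts         | 16.0.4  | Enabled  | GPLv3+  |
| ttsengines  | 16.0.2  | Enabled  | GPLv3+  |
+-------------+---------+----------+---------+
"""

def parse_version(text):
    """Turn '16.0.4' into (16, 0, 4); any non-numeric parts are ignored."""
    return tuple(int(p) for p in re.findall(r"\d+", text))

def module_version(listing, module):
    """Return the version string of `module` from the table, or None if absent."""
    for line in listing.splitlines():
        cells = [c.strip() for c in line.strip("|").split("|")]
        if len(cells) >= 2 and cells[0] == module:
            return cells[1]
    return None

def is_affected(version):
    """True if the tts version predates the fix on its branch, False if it
    is at or past the fix, None if the advisory lists no fix for that branch."""
    v = parse_version(version)
    fixed = FIXED_VERSIONS.get(v[0]) if v else None
    if fixed is None:
        return None
    return v < fixed  # tuple comparison: (16,0,4) < (16,0,5), (16,0,5,1) >= (16,0,5)

def check_listing(listing):
    """Return (version, affected) for the tts module, or (None, None) if not installed."""
    version = module_version(listing, "tts")
    if version is None:
        return None, None
    return version, is_affected(version)

if __name__ == "__main__":
    ver, bad = check_listing(SAMPLE_MODULE_LIST)
    state = {True: "AFFECTED, update to 16.0.5/17.0.5 or later",
             False: "patched", None: "branch not covered by advisory"}
    print(f"tts {ver}: {state[bad]}")
```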
Key Details
- Affected Product: Sangoma FreePBX
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: High
- User Interaction: None
- CWE Classification: CWE-89 (SQL Injection)