PHP Fatal error: Uncaught Error: Class "Symfony\Component\Console\Application" not found in /var/www/html/admin/libraries/FWApplication.class.php:11 Stack trace: #0 /var/lib/asterisk/bin/fwconsole(66): include() #1 {main} thrown in /var/www/html/admin/

We have an IP whitelist set up; however, it seems that this specific instance still had Web access on the Internet active.

@penguinpbx When should we expect the CVE for this?

Does endpoint manager need to be enabled or can it still be exploited if it is installed and disabled?

Yes. Please review last week’s updates to the forum post Security Advisory: Please Lock Down Your Administrator Access for more information on CVE-2025-57819.

EDIT: Probably, but will review test cases - even if Disabled, the code is usually sitting there on your system, under /var/www/html/

Seems like a rather large attack surface if that’s true. I guess all the stuff in .htaccess, only allowing access to certain files, doesn’t help much. Not sure what can be done about it. Maybe not putting the module files in the publicly accessible web folder? The CVE doesn’t go into enough detail for me to know what this specific attack vector was beyond the initial input sanitization problem.