Switch Telecom's anti-FreePBX shockvertising

Brandon

Well-Known Member
Joined
Feb 18, 2004
Messages
276
Reaction score
54
Location
National Bank of Zuma
Received the below email. Use trunks from SwitchTel on self hosted, fully updated, patched and firewalled FreePBX system.
Outbound calls now blocked and must manually unblock.
All my clients with a similar setup also received it and been blocked from dialing out.

Thanks for ruining my Friday evening :(

Dear Sir/Madam

Active FreePBX Zero-Day Exploit

Switch Telecom has become aware of a serious security vulnerability in FreePBX switchboard software.

We are contacting you because we have identified that you have registered your Switch Telecom service to a FreePBX system and are, accordingly, at risk.

It is our experience that, where such vulnerabilities are made public, fraudsters rapidly seek to abuse the situation.

Switch Telecom does not make use of FreePBX in its own systems and our systems remain secure. Notwithstanding that, we note that you have opted to install your own FreePBX system. Your FreePBX system was neither provided by nor is it maintained by Switch Telecom. As such, Switch Telecom shall not be responsible for any losses that you may incur as a result of your FreePBX system being vulnerable to fraud.

We are taking immediate measures to bar all outgoing calls on your service. This will prevent calls from being made and, notwithstanding the disruption this may pose to you, it is an essential precaution to prevent incurring exorbitant costs should your FreePBX system be hacked and exploited by fraudsters.

We are including below information on how to update and secure your FreePBX system. Once you have updated it, you can remove call barring by logging into the Switch Telecom Client Zone, selecting Services -> Service Management, clicking on the applicable line/trunk service, clicking Call Barring, selecting "Allow outbound calling" and clicking Update. We strongly recommend also selecting "Prohibit international calling" out of an abundance of precaution even after you have updated your FreePBX system.

Please do NOT remove your call barring before you have secured your FreePBX system, even in respect of national calls, and even if you feel that this is essential in order to continue operating your business. To the extent that you do so and your system is abused by fraudsters, you may become liable for thousands of Rands in calls costs and run the risk that other telephone networks may block your phone number. It can then take up to three weeks to get your number removed from various blacklists.

Updating FreePBX

The Sangoma FreePBX Security Team has issued an advisory warning about an actively exploited FreePBX zero-day vulnerability that impacts systems with an administrator control panel (ACP) exposed to the public internet.

The vulnerability, assigned the CVE identifier CVE-2025-57819, carries a CVSS score of 10.0, indicating maximum severity.

More information is available at: https://thehackernews.com/2025/08/freepbx-servers-targeted-by-zero-day.html

In the event that your FreePBX system becomes compromised before you update it, it is recommended to erase it entirely and re-install the latest version afresh, as well as to arrange with Switch Telecom to reset the SIP passwords for all Switch Telecom service credentials that were saved on the compromised system.

Assistance from Switch Telecom



Switch Telecom is reachble on 087 550 0000 during office hours. Our technical support team do not usually work on weekends or after hours, however, should you require assistance specifically with respect to this matter, please email us at [email protected] and we will endevour to arrange for a standby engineer to assist you.



Please note that, since we did not provide your FreePBX system and do not manage, we cannot simply fix this issue for you and your first call should be to whomever maintains your FreePBX switchboard. Our support team will assist with call barring and other matters pertaining to your Switch Telecom service.



Alternatives



Should you not be able to update and secure your FreePBX system, an alternative is to discontinue the use of it and replace it with a Switch Telecom Hosted Switchboard solution.

For more information on the Hosted Switchboard offering, please visit: https://www.switchtel.co.za/hosted-switchboard-pbx-solution/



--
Yours faithfully
Switch Telecom - Customer Care Team
T +27 87 550 0000
W www.switchtel.co.za

TLDR version:
We have chosen this opportunity of the emergence of (yet another) high scoring CVE to let you know you are using a free opensource pbx that we disapprove the use of (oops, we use Asterisk - but ignore that), so we decided to block your outbound calls for your own "safety".

Oh, we didn't bother to check the version you are actually using, or even consider that your pbx may not even be open to the internet - but this was a fantastic opportunity to punt our "secure" (expensive) cloud solutions.

So buy our more expensive solutions and stop using the cheaper basic services.

Yours faithfully
Switch Telecom - Customer Care Team
 
Although Switch Telecom is a direct competitor of ours, I must commend them on their approach here. It is considerate and responsible for them to act quickly to protect their clients’ interests.


I’ve personally seen the damage that poorly configured or unmaintained FreePBX systems can cause. IT companies with little or no experience in voice often set them up for clients, and the result can be devastating. I’ve personally dealt with cases where a single hacked system resulted in R50,000 in fraudulent calls, and another that ran up to R250,000. Those are just the ones I’ve seen firsthand there are many more.


That’s why I completely agree with the steps Switch Telecom has taken. It’s a logical and sensible warning, and it costs you nothing to update your system and then remove the outgoing call block once it’s secure. If you lift the block without securing your system, the responsibility (and the potential financial loss) lies with you.


In my view, Switch Telecom’s approach here is both reasonable and very considerate of their customers.
 
Although Switch Telecom is a direct competitor of ours, I must commend them on their approach here. It is considerate and responsible for them to act quickly to protect their clients’ interests.


I’ve personally seen the damage that poorly configured or unmaintained FreePBX systems can cause. IT companies with little or no experience in voice often set them up for clients, and the result can be devastating. I’ve personally dealt with cases where a single hacked system resulted in R50,000 in fraudulent calls, and another that ran up to R250,000. Those are just the ones I’ve seen firsthand there are many more.


That’s why I completely agree with the steps Switch Telecom has taken. It’s a logical and sensible warning, and it costs you nothing to update your system and then remove the outgoing call block once it’s secure. If you lift the block without securing your system, the responsibility (and the potential financial loss) lies with you.


In my view, Switch Telecom’s approach here is both reasonable and very considerate of their customers.
And for those of us who have fully updated, patched and firewalled PBX's?
Is it right to just blanket-block everyone?
What about when the next CVE comes out?

To add:
I do agree with the generalisation to protect unpatched, internet exposed pbx's.
By all means - identify them and take action.
My issue is with the general assumption that because a user is running FPBX it is vulnerable and therefore must be blocked
 
Last edited:
Fastest way I would switch to someone else.
Their service has actually been superb and been using them personally since about 2016, recommended them to all my voice clients as a preferred provider.

Now have customers contacting me about the security of their PBX's even though they are fully updated patched and secured.

If this is the sign of things to come then agreed - time to switch
 
Their service has actually been superb and been using them personally since about 2016, recommended them to all my voice clients as a preferred provider.

Now have customers contacting me about the security of their PBX's even though they are fully updated patched and secured.

If this is the sign of things to come then agreed - time to switch

Yeah I’m just not a fan of extortionate practises more so taking actions without any forewarning or approval.

Massive overstep.
 
My 2 cents
There are some simple things you can put in place to mitigate these hacks on any pbx. Put limits in place at your SIP provider, you will very quickly "see" an average monthly usage pattern, you can normally set a customer limit and an individual trunk limit, if the limit is hit, then make sure to check why the limit was hit and if there are strange calls. You should also bar international calls to unexpected locations. On the PBX itself you should always have pin codes to dial international numbers and then have a maximum call duration. all of these things can help mitigate these issues.

Note that the vulnerability also specifically mentions that you are compromised using the endpoint manager module so check and remove modules that you dont use. As far as I am concerned your PBX should never be exposed to the internet with a web ui, if you are running FreePBX then you are running linux my advice is to install OpenVPN this will allow you to login with a secure VPN to do maintenance on your system and also allow many modern IP phones to register to your system without needing SIP to be forwarded to your system. Most hackers out there are looking for SIP if they dont see SIP they dont see your system as a Telephone system. You also need to make sure that you always run a firewall. On my systems I always geo block and network block sip traffic, if I need to forward it. So I only forward SIP from expected local networks.

Note the following from Sangoma,
If you are not running Endpoint manager then you are probably not infected.
 
Last edited:
Top
Sign up to the MyBroadband newsletter
X