CVE-2014-7235

CVE-2014-7235 is a critical-severity vulnerability in Freepbx with a CVSS 2.0 base score of 10.0. Its EPSS exploit-prediction score of 43% places it in the 99th percentile, indicating an elevated likelihood of exploitation. The underlying weakness is classified as CWE-94.

Key facts

Description

htdocs_ari/includes/login.php in the ARI Framework module/Asterisk Recording Interface (ARI) in FreePBX before 2.9.0.9, 2.10.x, and 2.11 before 2.11.1.5 allows remote attackers to execute arbitrary code via the ari_auth cookie, related to the PHP unserialize function, as exploited in the wild in September 2014.

Frequently asked questions

What is CVE-2014-7235?
htdocs_ari/includes/login.php in the ARI Framework module/Asterisk Recording Interface (ARI) in FreePBX before 2.9.0.9, 2.10.x, and 2.11 before 2.11.1.5 allows remote attackers to execute arbitrary code via the ari_auth cookie, related to the PHP unserialize function, as exploited in the wild in September 2014.
How severe is CVE-2014-7235?
CVE-2014-7235 has a CVSS 2.0 base score of 10.0, rated critical severity.
Is CVE-2014-7235 being actively exploited?
It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 43% (99th percentile), an estimate of the probability of exploitation in the next 30 days.
What products are affected by CVE-2014-7235?
CVE-2014-7235 primarily affects Freepbx. In total, 22 product configurations (CPEs) are listed as vulnerable; see the affected-products list for the exact versions.
How do I fix CVE-2014-7235?
Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround. Given its critical severity, prioritise patching exposed systems.
When was CVE-2014-7235 published?
CVE-2014-7235 was published on 2014-10-07 and last updated on 2026-06-17.

References

Affected products (22)

More vulnerabilities in Freepbx

All CVEs affecting Freepbx →

Other CWE-94 (Code Injection) vulnerabilities

Browse all CWE-94 (Code Injection) vulnerabilities →