A critical vulnerability was found in FreePBX and CVE 2014-7235 was released on September 30, 2014. An article on FreePBX.org explains all the details. If’ you’re running a FreePBX system be sure to read and act if you haven’t done so already.