CVE-2025-1131

High CVSS: 7.0

A local privilege escalation vulnerability exists in the safe_asterisk script included with the Asterisk toolkit package. When Asterisk is started via this script (common in SysV init or FreePBX environments), it sources all .sh files located in /etc/asterisk/startup.d/ as root, without validating ownership or permissions.

Non-root users with legitimate write access to /etc/asterisk can exploit this behaviour by placing malicious scripts in the startup.d directory, which will then execute with root privileges upon service restart.

Vendor

Sangoma

Product

Asterisk

CWE

CWE-427

Yayın Tarihi

2025-09-23 05:15:35

Güncelleme

2025-11-03 18:15:48

Source Identifier

b7efe717-a805-47cf-8e9a-921fca0ce0ce

KEV Date Added

Kategoriler

CWE-427 Asterisk HIGH Sangoma 2025

Referanslar

https://github.com/asterisk/asterisk/security/advisories/GHSA-v9q8-9j8m-5xwp https://lists.debian.org/debian-lts-announce/2025/10/msg00006.html

Benzer Kayıtlar

High

CVE-2026-28287

FreePBX is an open source IP PBX. From versions 16.0.17.2 to before 16.0.20 and from version 17.0.2.4 to before 17.0.5,…

High

CVE-2026-28209

FreePBX is an open source IP PBX. From versions 16.0.17.2 to before 16.0.20 and from version 17.0.2.4 to before 17.0.5,…

High

CVE-2026-28210

FreePBX is an open source IP PBX. Prior to versions 16.0.49 and 17.0.7, FreePBX module cdr (Call Data Record) is vulnera…

High

CVE-2026-28284

FreePBX is an open source IP PBX. Prior to versions 16.0.10 and 17.0.5, the FreePBX logfiles module contains several aut…

Low

CVE-2025-55210

FreePBX is an open-source web-based graphical user interface (GUI) that manages Asterisk. Prior to 17.0.5 and 16.0.17, F…

Low

CVE-2026-23738

Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 20.7-cert9, 20.18.2, 21.12.1…