Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-1131

A local privilege escalation vulnerability exists in the safe_asterisk script included with the Asterisk toolkit package. When Asterisk is started via this script (common in SysV init or FreePBX environments), it sources all .sh files located in /etc/asterisk/startup.d/ as root, without validating ownership or permissions. Non-root users with legitimate write access to /etc/asterisk can exploit this behaviour by placing malicious scripts in the startup.d directory, which will then execute with root privileges upon service restart.

Published

2025-09-23T05:15:35.603

Last Modified

2025-11-03T18:15:48.883

Status

Modified

Source

b7efe717-a805-47cf-8e9a-921fca0ce0ce

Severity

CVSSv3.1: 7.8 (HIGH)

Weaknesses

Type: Secondary
CWE-427

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	sangoma	asterisk	< 18.26.3	Yes
Application	sangoma	asterisk	< 20.15.1	Yes
Application	sangoma	asterisk	< 21.10.1	Yes
Application	sangoma	asterisk	< 22.5.1	Yes
Application	sangoma	certified_asterisk	18.9	Yes
Application	sangoma	certified_asterisk	18.9	Yes
Application	sangoma	certified_asterisk	18.9	Yes
Application	sangoma	certified_asterisk	18.9	Yes
Application	sangoma	certified_asterisk	18.9	Yes
Application	sangoma	certified_asterisk	18.9	Yes
Application	sangoma	certified_asterisk	18.9	Yes
Application	sangoma	certified_asterisk	18.9	Yes
Application	sangoma	certified_asterisk	18.9	Yes
Application	sangoma	certified_asterisk	18.9	Yes
Application	sangoma	certified_asterisk	18.9	Yes
Application	sangoma	certified_asterisk	18.9	Yes
Application	sangoma	certified_asterisk	18.9	Yes
Application	sangoma	certified_asterisk	18.9	Yes
Application	sangoma	certified_asterisk	18.9	Yes
Application	sangoma	certified_asterisk	18.9	Yes
Application	sangoma	certified_asterisk	18.9	Yes
Application	sangoma	certified_asterisk	18.9	Yes
Application	sangoma	certified_asterisk	20.7	Yes
Application	sangoma	certified_asterisk	20.7	Yes
Application	sangoma	certified_asterisk	20.7	Yes
Application	sangoma	certified_asterisk	20.7	Yes
Application	sangoma	certified_asterisk	20.7	Yes
Application	sangoma	certified_asterisk	20.7	Yes
Application	sangoma	certified_asterisk	20.7	Yes
Application	sangoma	certified_asterisk	20.7	Yes

References

https://github.com/asterisk/asterisk/security/advisories/GHSA-v9q8-9j8m-5xwp Exploit, Vendor Advisory (b7efe717-a805-47cf-8e9a-921fca0ce0ce)
https://lists.debian.org/debian-lts-announce/2025/10/msg00006.html (af854a3a-2127-422b-91ae-364da2661108)