CVE-2025-1131

HIGH EPSS 10.0%
Published Sep 23, 2025 (9mo ago) · Modified Jun 17, 2026 (2w ago)
7.0 CVSS 4.0
High

Description

A local privilege escalation vulnerability exists in the safe_asterisk script included with the Asterisk toolkit package. When Asterisk is started via this script (common in SysV init or FreePBX environments), it sources all .sh files located in /etc/asterisk/startup.d/ as root, without validating ownership or permissions. Non-root users with legitimate write access to /etc/asterisk can exploit this behaviour by placing malicious scripts in the startup.d directory, which will then execute with root privileges upon service restart.

CVSS Details

Base Score
7.0
Exploitability
Impact
Vector string
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:C/RE:H/U:Amber
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction Passive (P)
Scope X

Threat Intelligence

EPSS Exploit Probability
10.0% percentile
Exploit & Patch Status
Public Exploit Known
No Patch Available

Weaknesses 1

CWE-427 (Uncontrolled Search Path Element)

Affected Products 30

Vendor    Product             Version   Range
sangoma   asterisk            *         <18.26.3
sangoma   asterisk            *         ≥20.0.0 – <20.15.1
sangoma   asterisk            *         ≥21.0.0 – <21.10.1
sangoma   asterisk            *         ≥22.0.0 – <22.5.1
sangoma   certified_asterisk  18.9      any
sangoma   certified_asterisk  20.7      any

References 2

  • github.com https://github.com/asterisk/asterisk/security/advisories/GHSA-v9q8-9j8m-5xwp
    Exploit, Vendor Advisory
  • lists.debian.org https://lists.debian.org/debian-lts-announce/2025/10/msg00006.html

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.