CVE-2025-1131

Опубликовано: 23 сент. 2025

Источник: nvd

CVSS3: 7.8

EPSS Низкий

Описание

Non-root users with legitimate write access to /etc/asterisk can exploit this behaviour by placing malicious scripts in the startup.d directory, which will then execute with root privileges upon service restart.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:sangoma:asterisk:*:*:*:*:*:*:*:*

Версия до 18.26.3 (исключая)

cpe:2.3:a:sangoma:asterisk:*:*:*:*:*:*:*:*

Версия от 20.0.0 (включая) до 20.15.1 (исключая)

cpe:2.3:a:sangoma:asterisk:*:*:*:*:*:*:*:*

Версия от 21.0.0 (включая) до 21.10.1 (исключая)

cpe:2.3:a:sangoma:asterisk:*:*:*:*:*:*:*:*

Версия от 22.0.0 (включая) до 22.5.1 (исключая)

Конфигурация 2

Одно из

cpe:2.3:a:sangoma:certified_asterisk:18.9:cert1:*:*:*:*:*:*

cpe:2.3:a:sangoma:certified_asterisk:18.9:cert1-rc1:*:*:*:*:*:*

cpe:2.3:a:sangoma:certified_asterisk:18.9:cert10:*:*:*:*:*:*

cpe:2.3:a:sangoma:certified_asterisk:18.9:cert11:*:*:*:*:*:*

cpe:2.3:a:sangoma:certified_asterisk:18.9:cert12:*:*:*:*:*:*

cpe:2.3:a:sangoma:certified_asterisk:18.9:cert13:*:*:*:*:*:*

cpe:2.3:a:sangoma:certified_asterisk:18.9:cert14:*:*:*:*:*:*

cpe:2.3:a:sangoma:certified_asterisk:18.9:cert15:*:*:*:*:*:*

cpe:2.3:a:sangoma:certified_asterisk:18.9:cert2:*:*:*:*:*:*

cpe:2.3:a:sangoma:certified_asterisk:18.9:cert3:*:*:*:*:*:*

cpe:2.3:a:sangoma:certified_asterisk:18.9:cert4:*:*:*:*:*:*

cpe:2.3:a:sangoma:certified_asterisk:18.9:cert5:*:*:*:*:*:*

cpe:2.3:a:sangoma:certified_asterisk:18.9:cert6:*:*:*:*:*:*

cpe:2.3:a:sangoma:certified_asterisk:18.9:cert7:*:*:*:*:*:*

cpe:2.3:a:sangoma:certified_asterisk:18.9:cert8:*:*:*:*:*:*

cpe:2.3:a:sangoma:certified_asterisk:18.9:cert8-rc1:*:*:*:*:*:*

cpe:2.3:a:sangoma:certified_asterisk:18.9:cert8-rc2:*:*:*:*:*:*

cpe:2.3:a:sangoma:certified_asterisk:18.9:cert9:*:*:*:*:*:*

cpe:2.3:a:sangoma:certified_asterisk:20.7:cert1:*:*:*:*:*:*

cpe:2.3:a:sangoma:certified_asterisk:20.7:cert1-rc1:*:*:*:*:*:*

cpe:2.3:a:sangoma:certified_asterisk:20.7:cert1-rc2:*:*:*:*:*:*

cpe:2.3:a:sangoma:certified_asterisk:20.7:cert2:*:*:*:*:*:*

cpe:2.3:a:sangoma:certified_asterisk:20.7:cert3:*:*:*:*:*:*

cpe:2.3:a:sangoma:certified_asterisk:20.7:cert4:*:*:*:*:*:*

cpe:2.3:a:sangoma:certified_asterisk:20.7:cert5:*:*:*:*:*:*

cpe:2.3:a:sangoma:certified_asterisk:20.7:cert6:*:*:*:*:*:*

EPSS

Процентиль: 18%

0.00056

Низкий

7.8 High

CVSS3

Дефекты

CWE-427

Связанные уязвимости

CVE-2025-1131

CVSS3: 7.8

ubuntu

5 месяцев назад

A local privilege escalation vulnerability exists in the safe_asterisk script included with the Asterisk toolkit package. When Asterisk is started via this script (common in SysV init or FreePBX environments), it sources all .sh files located in /etc/asterisk/startup.d/ as root, without validating ownership or permissions. Non-root users with legitimate write access to /etc/asterisk can exploit this behaviour by placing malicious scripts in the startup.d directory, which will then execute with root privileges upon service restart.

CVE-2025-1131

CVSS3: 7.8

debian

5 месяцев назад

A local privilege escalation vulnerability exists in the safe_asterisk ...

BDU:2025-13246

CVSS3: 8.8

fstec

6 месяцев назад

Уязвимость сценария safe_asterisk (/usr/sbin/safe_asterisk) системы управления IP-телефонией Asterisk, позволяющая нарушителю повысить свои привилегии

EPSS

Процентиль: 18%

0.00056

Низкий

7.8 High

CVSS3

Дефекты

CWE-427