Vulnerability-Lookup

CVE-2025-54995 (GCVE-0-2025-54995)

Vulnerability from cvelistv5 – Published: 2025-08-28 15:08 – Updated: 2025-11-03 17:45

Title

Asterisk remotely exploitable leak of RTP UDP ports and internal resources

Summary

Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 18.26.4 and 18.9-cert17, RTP UDP ports and internal resources can leak due to a lack of session termination. This could result in leaks and resource exhaustion. This issue has been patched in versions 18.26.4 and 18.9-cert17.

Severity

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-1286 - Improper Validation of Syntactic Correctness of Input
CWE-400 - Uncontrolled Resource Consumption

Assigner

GitHub_M

References

5 references

URL	Tags
https://github.com/asterisk/asterisk/security/adv…	x_refsource_CONFIRM
https://github.com/asterisk/asterisk/pull/1405	x_refsource_MISC
https://github.com/asterisk/asterisk/pull/1406	x_refsource_MISC
https://github.com/asterisk/asterisk/commit/0278f…	x_refsource_MISC
https://github.com/asterisk/asterisk/commit/eafcd…	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
asterisk	asterisk	Affected: < 18.26.4 Affected: < 18.9-cert17

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-54995",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-08-28T18:53:35.935192Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-08-28T18:54:20.465Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-03T17:45:15.011Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00006.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "asterisk",
          "vendor": "asterisk",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 18.26.4"
            },
            {
              "status": "affected",
              "version": "\u003c 18.9-cert17"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 18.26.4 and 18.9-cert17, RTP UDP ports and internal resources can leak due to a lack of session termination. This could result in leaks and resource exhaustion. This issue has been patched in versions 18.26.4 and 18.9-cert17."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1286",
              "description": "CWE-1286: Improper Validation of Syntactic Correctness of Input",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-400",
              "description": "CWE-400: Uncontrolled Resource Consumption",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-28T15:08:04.468Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/asterisk/asterisk/security/advisories/GHSA-557q-795j-wfx2",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-557q-795j-wfx2"
        },
        {
          "name": "https://github.com/asterisk/asterisk/pull/1405",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/asterisk/asterisk/pull/1405"
        },
        {
          "name": "https://github.com/asterisk/asterisk/pull/1406",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/asterisk/asterisk/pull/1406"
        },
        {
          "name": "https://github.com/asterisk/asterisk/commit/0278f5bde14565c6838a6ec39bc21aee0cde56a9",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/asterisk/asterisk/commit/0278f5bde14565c6838a6ec39bc21aee0cde56a9"
        },
        {
          "name": "https://github.com/asterisk/asterisk/commit/eafcd7a451dcd007dddf324ac37dd55a4808338d",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/asterisk/asterisk/commit/eafcd7a451dcd007dddf324ac37dd55a4808338d"
        }
      ],
      "source": {
        "advisory": "GHSA-557q-795j-wfx2",
        "discovery": "UNKNOWN"
      },
      "title": "Asterisk remotely exploitable leak of RTP UDP ports and internal resources"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-54995",
    "datePublished": "2025-08-28T15:08:04.468Z",
    "dateReserved": "2025-08-04T17:34:24.420Z",
    "dateUpdated": "2025-11-03T17:45:15.011Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2025-54995",
      "date": "2026-05-28",
      "epss": "0.01416",
      "percentile": "0.80852"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-54995\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2025-08-28T15:16:02.500\",\"lastModified\":\"2025-11-03T18:17:00.357\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 18.26.4 and 18.9-cert17, RTP UDP ports and internal resources can leak due to a lack of session termination. This could result in leaks and resource exhaustion. This issue has been patched in versions 18.26.4 and 18.9-cert17.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-400\"},{\"lang\":\"en\",\"value\":\"CWE-1286\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sangoma:asterisk:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"18.26.4\",\"matchCriteriaId\":\"ECF978D6-CB7D-469F-A848-8032435EC560\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sangoma:certified_asterisk:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"18.9\",\"matchCriteriaId\":\"B71A493F-F47B-4F19-AD21-3800DE63DF5A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sangoma:certified_asterisk:18.9:cert1:*:*:*:*:*:*\",\"matchCriteriaId\":\"79EEB5E5-B79E-454B-8DCD-3272BA337A9E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sangoma:certified_asterisk:18.9:cert1-rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"AD3BBA39-95EC-462F-8F5A-15E8D07CC804\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sangoma:certified_asterisk:18.9:cert10:*:*:*:*:*:*\",\"matchCriteriaId\":\"D6BF553C-020D-4F99-9995-CA4A4383B2DD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sangoma:certified_asterisk:18.9:cert11:*:*:*:*:*:*\",\"matchCriteriaId\":\"E3069F1F-DDE8-4E9A-B4FF-64B7B11EEFCB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sangoma:certified_asterisk:18.9:cert12:*:*:*:*:*:*\",\"matchCriteriaId\":\"890205E3-973D-422E-940A-E9190BA37EFD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sangoma:certified_asterisk:18.9:cert13:*:*:*:*:*:*\",\"matchCriteriaId\":\"23100176-0528-448D-B2FA-D3B9B31A249D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sangoma:certified_asterisk:18.9:cert14:*:*:*:*:*:*\",\"matchCriteriaId\":\"346B29FD-48B4-4121-89FD-45325865E54B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sangoma:certified_asterisk:18.9:cert15:*:*:*:*:*:*\",\"matchCriteriaId\":\"49798C73-CCC4-4013-8A01-348D6B3D9C5B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sangoma:certified_asterisk:18.9:cert16:*:*:*:*:*:*\",\"matchCriteriaId\":\"E5019880-BE93-4592-B3E0-C69FA2C47B6F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sangoma:certified_asterisk:18.9:cert2:*:*:*:*:*:*\",\"matchCriteriaId\":\"892BAE5D-A64E-4FE0-9A99-8C07F342A042\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sangoma:certified_asterisk:18.9:cert3:*:*:*:*:*:*\",\"matchCriteriaId\":\"1A716A45-7075-4CA6-9EF5-2DD088248A5C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sangoma:certified_asterisk:18.9:cert4:*:*:*:*:*:*\",\"matchCriteriaId\":\"80EFA05B-E22D-49CE-BDD6-5C7123F1C12B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sangoma:certified_asterisk:18.9:cert5:*:*:*:*:*:*\",\"matchCriteriaId\":\"20FD475F-2B46-47C9-B535-1561E29CB7A1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sangoma:certified_asterisk:18.9:cert6:*:*:*:*:*:*\",\"matchCriteriaId\":\"7238FCD9-9F40-44BA-A170-69D4857AA1CE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sangoma:certified_asterisk:18.9:cert7:*:*:*:*:*:*\",\"matchCriteriaId\":\"F657B046-6C83-48F9-A0B1-C63CDA7FD61D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sangoma:certified_asterisk:18.9:cert8:*:*:*:*:*:*\",\"matchCriteriaId\":\"6D87C7DE-23EA-4532-A2E4-9BF82ADE12DC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sangoma:certified_asterisk:18.9:cert8-rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"B79A5B46-5CA3-445E-BE47-1711DCD038A1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sangoma:certified_asterisk:18.9:cert8-rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"D600B37E-94EA-48DE-B48E-871B3A983721\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sangoma:certified_asterisk:18.9:cert9:*:*:*:*:*:*\",\"matchCriteriaId\":\"2FC3A00E-D1C6-467F-8FE7-E8437A527B3C\"}]}]}],\"references\":[{\"url\":\"https://github.com/asterisk/asterisk/commit/0278f5bde14565c6838a6ec39bc21aee0cde56a9\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/asterisk/asterisk/commit/eafcd7a451dcd007dddf324ac37dd55a4808338d\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/asterisk/asterisk/pull/1405\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/asterisk/asterisk/pull/1406\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/asterisk/asterisk/security/advisories/GHSA-557q-795j-wfx2\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2025/10/msg00006.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://lists.debian.org/debian-lts-announce/2025/10/msg00006.html\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2025-11-03T17:45:15.011Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-54995\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-08-28T18:53:35.935192Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-08-28T18:54:17.173Z\"}}], \"cna\": {\"title\": \"Asterisk remotely exploitable leak of RTP UDP ports and internal resources\", \"source\": {\"advisory\": \"GHSA-557q-795j-wfx2\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 6.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"NONE\"}}], \"affected\": [{\"vendor\": \"asterisk\", \"product\": \"asterisk\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 18.26.4\"}, {\"status\": \"affected\", \"version\": \"\u003c 18.9-cert17\"}]}], \"references\": [{\"url\": \"https://github.com/asterisk/asterisk/security/advisories/GHSA-557q-795j-wfx2\", \"name\": \"https://github.com/asterisk/asterisk/security/advisories/GHSA-557q-795j-wfx2\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/asterisk/asterisk/pull/1405\", \"name\": \"https://github.com/asterisk/asterisk/pull/1405\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/asterisk/asterisk/pull/1406\", \"name\": \"https://github.com/asterisk/asterisk/pull/1406\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/asterisk/asterisk/commit/0278f5bde14565c6838a6ec39bc21aee0cde56a9\", \"name\": \"https://github.com/asterisk/asterisk/commit/0278f5bde14565c6838a6ec39bc21aee0cde56a9\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/asterisk/asterisk/commit/eafcd7a451dcd007dddf324ac37dd55a4808338d\", \"name\": \"https://github.com/asterisk/asterisk/commit/eafcd7a451dcd007dddf324ac37dd55a4808338d\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 18.26.4 and 18.9-cert17, RTP UDP ports and internal resources can leak due to a lack of session termination. This could result in leaks and resource exhaustion. This issue has been patched in versions 18.26.4 and 18.9-cert17.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-1286\", \"description\": \"CWE-1286: Improper Validation of Syntactic Correctness of Input\"}]}, {\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-400\", \"description\": \"CWE-400: Uncontrolled Resource Consumption\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2025-08-28T15:08:04.468Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-54995\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-11-03T17:45:15.011Z\", \"dateReserved\": \"2025-08-04T17:34:24.420Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2025-08-28T15:08:04.468Z\", \"assignerShortName\": \"GitHub_M\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}

CERTFR-2025-AVI-0739

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans Asterisk. Elles permettent à un attaquant de provoquer un déni de service à distance.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Asterisk	Asterisk	asterisk versions 21.10.x antérieures à 21.10.2
Asterisk	Asterisk	asterisk versions 20.15.x antérieures à 20.15.2
Asterisk	Asterisk	asterisk versions 18.26.x antérieures à 18.26.4
Asterisk	Asterisk	asterisk versions 22.5.x antérieures à 22.5.2
Asterisk	Asterisk	asterisk versions 18.9-cert1x antérieures à 18.9-cert17

References

Title

Publication Time

CERTFR-2025-AVI-0739

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans Asterisk. Elles permettent à un attaquant de provoquer un déni de service à distance.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Asterisk	Asterisk	asterisk versions 21.10.x antérieures à 21.10.2
Asterisk	Asterisk	asterisk versions 20.15.x antérieures à 20.15.2
Asterisk	Asterisk	asterisk versions 18.26.x antérieures à 18.26.4
Asterisk	Asterisk	asterisk versions 22.5.x antérieures à 22.5.2
Asterisk	Asterisk	asterisk versions 18.9-cert1x antérieures à 18.9-cert17

References

Title

Publication Time

BDU:2025-14436

Vulnerability from fstec - Published: 28.08.2025

Title

Уязвимость системы управления IP-телефонией Asterisk, связанная с ошибками управления ресурсом, позволяющая нарушителю вызвать отказ в обслуживании

Description

Уязвимость системы управления IP-телефонией Asterisk связана с ошибками управления ресурсом. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, вызвать отказ в обслуживании

Severity


                    
                      AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Vendor

Сообщество свободного программного обеспечения, ООО «Ред Софт», Digium, Inc.

Software Name

Debian GNU/Linux, РЕД ОС (запись в едином реестре российских программ №3751), Asterisk

Software Version

11 (Debian GNU/Linux), 7.3 (РЕД ОС), до 18.26.4 (Asterisk)

Possible Mitigations

Использование рекомендаций: https://github.com/asterisk/asterisk/commit/0278f5bde14565c6838a6ec39bc21aee0cde56a9 https://github.com/asterisk/asterisk/commit/eafcd7a451dcd007dddf324ac37dd55a4808338d_x0001_ Для РедОС: https://redos.red-soft.ru/support/secure/uyazvimosti/uyazvimost-asterisk-cve-2025-54995/?sphrase_id=1345421 Для Debian GNU/Linux: https://security-tracker.debian.org/tracker/CVE-2025-54995

Reference

https://redos.red-soft.ru/support/secure/uyazvimosti/uyazvimost-asterisk-cve-2025-54995/?sphrase_id=1345421 https://github.com/asterisk/asterisk/commit/0278f5bde14565c6838a6ec39bc21aee0cde56a9 https://github.com/asterisk/asterisk/commit/eafcd7a451dcd007dddf324ac37dd55a4808338d_x0001_ https://security-tracker.debian.org/tracker/CVE-2025-54995

CWE

CWE-399

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
  "CVSS 3.0": "AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, \u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb, Digium, Inc.",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "11 (Debian GNU/Linux), 7.3 (\u0420\u0415\u0414 \u041e\u0421), \u0434\u043e 18.26.4 (Asterisk)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\nhttps://github.com/asterisk/asterisk/commit/0278f5bde14565c6838a6ec39bc21aee0cde56a9\nhttps://github.com/asterisk/asterisk/commit/eafcd7a451dcd007dddf324ac37dd55a4808338d_x0001_\n\n\u0414\u043b\u044f \u0420\u0435\u0434\u041e\u0421: \nhttps://redos.red-soft.ru/support/secure/uyazvimosti/uyazvimost-asterisk-cve-2025-54995/?sphrase_id=1345421\n\n\u0414\u043b\u044f Debian GNU/Linux:\nhttps://security-tracker.debian.org/tracker/CVE-2025-54995",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "28.08.2025",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "18.11.2025",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "18.11.2025",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2025-14436",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2025-54995",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Debian GNU/Linux, \u0420\u0415\u0414 \u041e\u0421 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), Asterisk",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 11 , \u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb \u0420\u0415\u0414 \u041e\u0421 7.3  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751)",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f IP-\u0442\u0435\u043b\u0435\u0444\u043e\u043d\u0438\u0435\u0439 Asterisk, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043e\u0448\u0438\u0431\u043a\u0430\u043c\u0438 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0440\u0435\u0441\u0443\u0440\u0441\u043e\u043c, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041e\u0448\u0438\u0431\u043a\u0438 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0440\u0435\u0441\u0443\u0440\u0441\u043e\u043c (CWE-399)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f IP-\u0442\u0435\u043b\u0435\u0444\u043e\u043d\u0438\u0435\u0439 Asterisk \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043e\u0448\u0438\u0431\u043a\u0430\u043c\u0438 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0440\u0435\u0441\u0443\u0440\u0441\u043e\u043c. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e, \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u0430\u043c\u0438",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://redos.red-soft.ru/support/secure/uyazvimosti/uyazvimost-asterisk-cve-2025-54995/?sphrase_id=1345421\nhttps://github.com/asterisk/asterisk/commit/0278f5bde14565c6838a6ec39bc21aee0cde56a9\nhttps://github.com/asterisk/asterisk/commit/eafcd7a451dcd007dddf324ac37dd55a4808338d_x0001_\nhttps://security-tracker.debian.org/tracker/CVE-2025-54995",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u0421\u0435\u0442\u0435\u0432\u043e\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-399",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6,8)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.1 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6,5)"
}

FKIE_CVE-2025-54995

Vulnerability from fkie_nvd - Published: 2025-08-28 15:16 - Updated: 2025-11-03 18:17

Severity

6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Summary

References

URL	Tags
security-advisories@github.com	https://github.com/asterisk/asterisk/commit/0278f5bde14565c6838a6ec39bc21aee0cde56a9	Patch
security-advisories@github.com	https://github.com/asterisk/asterisk/commit/eafcd7a451dcd007dddf324ac37dd55a4808338d	Patch
security-advisories@github.com	https://github.com/asterisk/asterisk/pull/1405	Issue Tracking
security-advisories@github.com	https://github.com/asterisk/asterisk/pull/1406	Issue Tracking
security-advisories@github.com	https://github.com/asterisk/asterisk/security/advisories/GHSA-557q-795j-wfx2	Exploit, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2025/10/msg00006.html

Impacted products

Vendor	Product	Version
sangoma	asterisk	*
sangoma	certified_asterisk	*
sangoma	certified_asterisk	18.9
sangoma	certified_asterisk	18.9
sangoma	certified_asterisk	18.9
sangoma	certified_asterisk	18.9
sangoma	certified_asterisk	18.9
sangoma	certified_asterisk	18.9
sangoma	certified_asterisk	18.9
sangoma	certified_asterisk	18.9
sangoma	certified_asterisk	18.9
sangoma	certified_asterisk	18.9
sangoma	certified_asterisk	18.9
sangoma	certified_asterisk	18.9
sangoma	certified_asterisk	18.9
sangoma	certified_asterisk	18.9
sangoma	certified_asterisk	18.9
sangoma	certified_asterisk	18.9
sangoma	certified_asterisk	18.9
sangoma	certified_asterisk	18.9
sangoma	certified_asterisk	18.9

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sangoma:asterisk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "ECF978D6-CB7D-469F-A848-8032435EC560",
              "versionEndExcluding": "18.26.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:certified_asterisk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B71A493F-F47B-4F19-AD21-3800DE63DF5A",
              "versionEndExcluding": "18.9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:certified_asterisk:18.9:cert1:*:*:*:*:*:*",
              "matchCriteriaId": "79EEB5E5-B79E-454B-8DCD-3272BA337A9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:certified_asterisk:18.9:cert1-rc1:*:*:*:*:*:*",
              "matchCriteriaId": "AD3BBA39-95EC-462F-8F5A-15E8D07CC804",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:certified_asterisk:18.9:cert10:*:*:*:*:*:*",
              "matchCriteriaId": "D6BF553C-020D-4F99-9995-CA4A4383B2DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:certified_asterisk:18.9:cert11:*:*:*:*:*:*",
              "matchCriteriaId": "E3069F1F-DDE8-4E9A-B4FF-64B7B11EEFCB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:certified_asterisk:18.9:cert12:*:*:*:*:*:*",
              "matchCriteriaId": "890205E3-973D-422E-940A-E9190BA37EFD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:certified_asterisk:18.9:cert13:*:*:*:*:*:*",
              "matchCriteriaId": "23100176-0528-448D-B2FA-D3B9B31A249D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:certified_asterisk:18.9:cert14:*:*:*:*:*:*",
              "matchCriteriaId": "346B29FD-48B4-4121-89FD-45325865E54B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:certified_asterisk:18.9:cert15:*:*:*:*:*:*",
              "matchCriteriaId": "49798C73-CCC4-4013-8A01-348D6B3D9C5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:certified_asterisk:18.9:cert16:*:*:*:*:*:*",
              "matchCriteriaId": "E5019880-BE93-4592-B3E0-C69FA2C47B6F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:certified_asterisk:18.9:cert2:*:*:*:*:*:*",
              "matchCriteriaId": "892BAE5D-A64E-4FE0-9A99-8C07F342A042",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:certified_asterisk:18.9:cert3:*:*:*:*:*:*",
              "matchCriteriaId": "1A716A45-7075-4CA6-9EF5-2DD088248A5C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:certified_asterisk:18.9:cert4:*:*:*:*:*:*",
              "matchCriteriaId": "80EFA05B-E22D-49CE-BDD6-5C7123F1C12B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:certified_asterisk:18.9:cert5:*:*:*:*:*:*",
              "matchCriteriaId": "20FD475F-2B46-47C9-B535-1561E29CB7A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:certified_asterisk:18.9:cert6:*:*:*:*:*:*",
              "matchCriteriaId": "7238FCD9-9F40-44BA-A170-69D4857AA1CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:certified_asterisk:18.9:cert7:*:*:*:*:*:*",
              "matchCriteriaId": "F657B046-6C83-48F9-A0B1-C63CDA7FD61D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:certified_asterisk:18.9:cert8:*:*:*:*:*:*",
              "matchCriteriaId": "6D87C7DE-23EA-4532-A2E4-9BF82ADE12DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:certified_asterisk:18.9:cert8-rc1:*:*:*:*:*:*",
              "matchCriteriaId": "B79A5B46-5CA3-445E-BE47-1711DCD038A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:certified_asterisk:18.9:cert8-rc2:*:*:*:*:*:*",
              "matchCriteriaId": "D600B37E-94EA-48DE-B48E-871B3A983721",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sangoma:certified_asterisk:18.9:cert9:*:*:*:*:*:*",
              "matchCriteriaId": "2FC3A00E-D1C6-467F-8FE7-E8437A527B3C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 18.26.4 and 18.9-cert17, RTP UDP ports and internal resources can leak due to a lack of session termination. This could result in leaks and resource exhaustion. This issue has been patched in versions 18.26.4 and 18.9-cert17."
    },
    {
      "lang": "es",
      "value": "Asterisk es una centralita privada y un kit de herramientas de telefon\u00eda de c\u00f3digo abierto. Antes de las versiones 18.26.4 y 18.9-cert17, los puertos UDP RTP y los recursos internos pueden filtrarse debido a una falta de finalizaci\u00f3n de la sesi\u00f3n. Esto podr\u00eda resultar en fugas y agotamiento de recursos. Este problema ha sido parcheado en las versiones 18.26.4 y 18.9-cert17."
    }
  ],
  "id": "CVE-2025-54995",
  "lastModified": "2025-11-03T18:17:00.357",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-08-28T15:16:02.500",
  "references": [
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/asterisk/asterisk/commit/0278f5bde14565c6838a6ec39bc21aee0cde56a9"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/asterisk/asterisk/commit/eafcd7a451dcd007dddf324ac37dd55a4808338d"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://github.com/asterisk/asterisk/pull/1405"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://github.com/asterisk/asterisk/pull/1406"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-557q-795j-wfx2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00006.html"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-400"
        },
        {
          "lang": "en",
          "value": "CWE-1286"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Secondary"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2025-54995 (GCVE-0-2025-54995)

CERTFR-2025-AVI-0739

Solutions

CERTFR-2025-AVI-0739

Solutions

BDU:2025-14436

FKIE_CVE-2025-54995

Tags

Sightings

Nomenclature