CVE-2025-1131

23.09.2025, 05:15

A local privilege escalation vulnerability exists in the safe_asterisk script included with the Asterisk toolkit package. When Asterisk is started via this script (common in SysV init or FreePBX environments), it sources all .sh files located in /etc/asterisk/startup.d/ as root, without validating ownership or permissions.


Non-root users with legitimate write access to /etc/asterisk can exploit this behaviour by placing malicious scripts in the startup.d directory, which will then execute with root privileges upon service restart.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	UNKNOWN				---
Gridware	CNA	---				---

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: Unknown

Common Weakness Enumeration

CWE-427 - Uncontrolled Search Path Element
The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.

Vulnerability Media Exposure

[GERMAN] Asterisk: Mehrere Schwachstellen
Ein lokaler Angreifer kann mehrere Schwachstellen in Asterisk ausnutzen, um seine Privilegien zu erhöhen, oder einen Denial-of-Service auszulösen.
Published: 2025-07-31T22:00:00+00:00

References

https://github.com/asterisk/asterisk/security/advisories/GHSA-v9q8-9j8m-5xwp