CVE-2025-47780

22.05.2025, 17:15

Asterisk is an open-source private branch exchange (PBX). Prior to versions 18.26.2, 20.14.1, 21.9.1, and 22.4.1 of Asterisk and versions 18.9-cert14 and 20.7-cert5 of certified-asterisk, trying to disallow shell commands to be run via the Asterisk command line interface (CLI) by configuring `cli_permissions.conf` (e.g. with the config line `deny=!*`) does not work which could lead to a security risk. If an administrator running an Asterisk instance relies on the `cli_permissions.conf` file to work and expects it to deny all attempts to execute shell commands, then this could lead to a security vulnerability. Versions 18.26.2, 20.14.1, 21.9.1, and 22.4.1 of Asterisk and versions 18.9-cert14 and 20.7-cert5 of certified-asterisk fix the issue.

OS Command Injection

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	7.8 HIGH	LOCAL	LOW	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
GitHub_M	CNA	---				---
CISA-ADP	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 24%

Vendor	Product	Version
sangoma	asterisk	𝑥 < 18.26.2
sangoma	asterisk	20.0.0 ≤ 𝑥 < 20.14.1
sangoma	asterisk	21.0.0 ≤ 𝑥 < 21.9.1
sangoma	asterisk	22.0.0 ≤ 𝑥 < 22.4.1
sangoma	certified_asterisk	𝑥 < 18.9
sangoma	certified_asterisk	18.9
sangoma	certified_asterisk	18.9:cert1
sangoma	certified_asterisk	18.9:cert1-rc1
sangoma	certified_asterisk	18.9:cert10
sangoma	certified_asterisk	18.9:cert11
sangoma	certified_asterisk	18.9:cert12
sangoma	certified_asterisk	18.9:cert13
sangoma	certified_asterisk	18.9:cert2
sangoma	certified_asterisk	18.9:cert3
sangoma	certified_asterisk	18.9:cert4
sangoma	certified_asterisk	18.9:cert5
sangoma	certified_asterisk	18.9:cert6
sangoma	certified_asterisk	18.9:cert7
sangoma	certified_asterisk	18.9:cert8
sangoma	certified_asterisk	18.9:cert8-rc1
sangoma	certified_asterisk	18.9:cert8-rc2
sangoma	certified_asterisk	18.9:cert9
sangoma	certified_asterisk	20.7:cert1
sangoma	certified_asterisk	20.7:cert1-rc1
sangoma	certified_asterisk	20.7:cert1-rc2
sangoma	certified_asterisk	20.7:cert2
sangoma	certified_asterisk	20.7:cert3
sangoma	certified_asterisk	20.7:cert4

𝑥

= Vulnerable software versions

Ubuntu Releases

Ubuntu Product

Codename

asterisk

plucky	needs-triage
oracular	ignored
noble	needs-triage
jammy	needs-triage
focal	needs-triage
bionic	needs-triage
xenial	needs-triage

Known Exploits!

https://github.com/asterisk/asterisk/security/advisories/GHSA-c7p6-7mvq-8jq2

Common Weakness Enumeration

CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The software constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

References

https://github.com/asterisk/asterisk/security/advisories/GHSA-c7p6-7mvq-8jq2