CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-1131

A local privilege escalation vulnerability exists in the safe_asterisk script included with the Asterisk toolkit package. When Asterisk is started via this script (common in SysV init or FreePBX environments), it sources all .sh files located in /etc/asterisk/startup.d/ as root, without validating ownership or permissions. Non-root users with legitimate write access to /etc/asterisk can exploit this behaviour by placing malicious scripts in the startup.d directory, which will then execute with root privileges upon service restart.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 13.3%

CVSS Severity

CVSS v3 Score 7.8

References

https://github.com/asterisk/asterisk/security/advisories/GHSA-v9q8-9j8m-5xwp

Products affected by CVE-2025-1131

Sangoma » Asterisk » Version: N/A

cpe:2.3:a:sangoma:asterisk:-
Sangoma » Asterisk » Version: 1.6.1

cpe:2.3:a:sangoma:asterisk:1.6.1
Sangoma » Asterisk » Version: 1.6.1.4

cpe:2.3:a:sangoma:asterisk:1.6.1.4
Sangoma » Asterisk » Version: 1.6.1.8

cpe:2.3:a:sangoma:asterisk:1.6.1.8
Sangoma » Asterisk » Version: 13.0.0

cpe:2.3:a:sangoma:asterisk:13.0.0
Sangoma » Asterisk » Version: 13.1.0

cpe:2.3:a:sangoma:asterisk:13.1.0
Sangoma » Asterisk » Version: 13.10.0

cpe:2.3:a:sangoma:asterisk:13.10.0
Sangoma » Asterisk » Version: 13.11.0

cpe:2.3:a:sangoma:asterisk:13.11.0
Sangoma » Asterisk » Version: 13.12.0

cpe:2.3:a:sangoma:asterisk:13.12.0
Sangoma » Asterisk » Version: 13.12.1

cpe:2.3:a:sangoma:asterisk:13.12.1
Sangoma » Asterisk » Version: 13.12.2

cpe:2.3:a:sangoma:asterisk:13.12.2
Sangoma » Asterisk » Version: 13.13.0

cpe:2.3:a:sangoma:asterisk:13.13.0
Sangoma » Asterisk » Version: 13.14.0

cpe:2.3:a:sangoma:asterisk:13.14.0
Sangoma » Asterisk » Version: 13.15.0

cpe:2.3:a:sangoma:asterisk:13.15.0
Sangoma » Asterisk » Version: 13.2.0

cpe:2.3:a:sangoma:asterisk:13.2.0
Sangoma » Asterisk » Version: 13.3.0

cpe:2.3:a:sangoma:asterisk:13.3.0
Sangoma » Asterisk » Version: 13.37.1

cpe:2.3:a:sangoma:asterisk:13.37.1
Sangoma » Asterisk » Version: 13.4.0

cpe:2.3:a:sangoma:asterisk:13.4.0
Sangoma » Asterisk » Version: 13.5.0

cpe:2.3:a:sangoma:asterisk:13.5.0
Sangoma » Asterisk » Version: 13.6.0

cpe:2.3:a:sangoma:asterisk:13.6.0
Sangoma » Asterisk » Version: 13.7.0

cpe:2.3:a:sangoma:asterisk:13.7.0
Sangoma » Asterisk » Version: 13.8.0

cpe:2.3:a:sangoma:asterisk:13.8.0
Sangoma » Asterisk » Version: 13.8.1

cpe:2.3:a:sangoma:asterisk:13.8.1
Sangoma » Asterisk » Version: 13.8.2

cpe:2.3:a:sangoma:asterisk:13.8.2
Sangoma » Asterisk » Version: 13.9.0

cpe:2.3:a:sangoma:asterisk:13.9.0
Sangoma » Asterisk » Version: 14.0.0

cpe:2.3:a:sangoma:asterisk:14.0.0
Sangoma » Asterisk » Version: 14.1.0

cpe:2.3:a:sangoma:asterisk:14.1.0
Sangoma » Asterisk » Version: 14.2.0

cpe:2.3:a:sangoma:asterisk:14.2.0
Sangoma » Asterisk » Version: 14.2.1

cpe:2.3:a:sangoma:asterisk:14.2.1
Sangoma » Asterisk » Version: 14.3.0

cpe:2.3:a:sangoma:asterisk:14.3.0
Sangoma » Asterisk » Version: 14.4.0

cpe:2.3:a:sangoma:asterisk:14.4.0
Sangoma » Asterisk » Version: 15.0.0

cpe:2.3:a:sangoma:asterisk:15.0.0
Sangoma » Asterisk » Version: 15.1.0

cpe:2.3:a:sangoma:asterisk:15.1.0
Sangoma » Asterisk » Version: 15.1.2

cpe:2.3:a:sangoma:asterisk:15.1.2
Sangoma » Asterisk » Version: 15.1.4

cpe:2.3:a:sangoma:asterisk:15.1.4
Sangoma » Asterisk » Version: 15.1.5

cpe:2.3:a:sangoma:asterisk:15.1.5
Sangoma » Asterisk » Version: 15.2.0

cpe:2.3:a:sangoma:asterisk:15.2.0
Sangoma » Asterisk » Version: 15.2.1

cpe:2.3:a:sangoma:asterisk:15.2.1
Sangoma » Asterisk » Version: 15.2.2

cpe:2.3:a:sangoma:asterisk:15.2.2
Sangoma » Asterisk » Version: 15.3.0

cpe:2.3:a:sangoma:asterisk:15.3.0
Sangoma » Asterisk » Version: 15.4.0

cpe:2.3:a:sangoma:asterisk:15.4.0
Sangoma » Asterisk » Version: 15.4.1

cpe:2.3:a:sangoma:asterisk:15.4.1
Sangoma » Asterisk » Version: 16.0.0

cpe:2.3:a:sangoma:asterisk:16.0.0
Sangoma » Asterisk » Version: 16.10.0

cpe:2.3:a:sangoma:asterisk:16.10.0
Sangoma » Asterisk » Version: 16.11.0

cpe:2.3:a:sangoma:asterisk:16.11.0
Sangoma » Asterisk » Version: 16.12.0

cpe:2.3:a:sangoma:asterisk:16.12.0
Sangoma » Asterisk » Version: 16.14.0

cpe:2.3:a:sangoma:asterisk:16.14.0
Sangoma » Asterisk » Version: 16.14.1

cpe:2.3:a:sangoma:asterisk:16.14.1
Sangoma » Asterisk » Version: 16.15.0

cpe:2.3:a:sangoma:asterisk:16.15.0
Sangoma » Asterisk » Version: 16.16.0

cpe:2.3:a:sangoma:asterisk:16.16.0
Sangoma » Asterisk » Version: 16.16.1

cpe:2.3:a:sangoma:asterisk:16.16.1
Sangoma » Asterisk » Version: 16.5.0

cpe:2.3:a:sangoma:asterisk:16.5.0
Sangoma » Asterisk » Version: 16.6.0

cpe:2.3:a:sangoma:asterisk:16.6.0
Sangoma » Asterisk » Version: 16.7.0

cpe:2.3:a:sangoma:asterisk:16.7.0
Sangoma » Asterisk » Version: 16.8.0

cpe:2.3:a:sangoma:asterisk:16.8.0
Sangoma » Asterisk » Version: 16.9.0

cpe:2.3:a:sangoma:asterisk:16.9.0
Sangoma » Asterisk » Version: 17.0.0

cpe:2.3:a:sangoma:asterisk:17.0.0
Sangoma » Asterisk » Version: 17.1.0

cpe:2.3:a:sangoma:asterisk:17.1.0
Sangoma » Asterisk » Version: 17.2.0

cpe:2.3:a:sangoma:asterisk:17.2.0
Sangoma » Asterisk » Version: 17.3.0

cpe:2.3:a:sangoma:asterisk:17.3.0
Sangoma » Asterisk » Version: 17.4.0

cpe:2.3:a:sangoma:asterisk:17.4.0
Sangoma » Asterisk » Version: 17.5.0

cpe:2.3:a:sangoma:asterisk:17.5.0
Sangoma » Asterisk » Version: 17.6.0

cpe:2.3:a:sangoma:asterisk:17.6.0
Sangoma » Asterisk » Version: 17.7.0

cpe:2.3:a:sangoma:asterisk:17.7.0
Sangoma » Asterisk » Version: 17.8.0

cpe:2.3:a:sangoma:asterisk:17.8.0
Sangoma » Asterisk » Version: 17.8.1

cpe:2.3:a:sangoma:asterisk:17.8.1
Sangoma » Asterisk » Version: 17.9.0

cpe:2.3:a:sangoma:asterisk:17.9.0
Sangoma » Asterisk » Version: 17.9.1

cpe:2.3:a:sangoma:asterisk:17.9.1
Sangoma » Asterisk » Version: 17.9.2

cpe:2.3:a:sangoma:asterisk:17.9.2
Sangoma » Asterisk » Version: 18.0.0

cpe:2.3:a:sangoma:asterisk:18.0.0
Sangoma » Asterisk » Version: 18.0.1

cpe:2.3:a:sangoma:asterisk:18.0.1
Sangoma » Asterisk » Version: 18.1.0

cpe:2.3:a:sangoma:asterisk:18.1.0
Sangoma » Asterisk » Version: 18.1.1

cpe:2.3:a:sangoma:asterisk:18.1.1
Sangoma » Asterisk » Version: 18.10.0

cpe:2.3:a:sangoma:asterisk:18.10.0
Sangoma » Asterisk » Version: 18.10.1

cpe:2.3:a:sangoma:asterisk:18.10.1
Sangoma » Asterisk » Version: 18.11.0

cpe:2.3:a:sangoma:asterisk:18.11.0
Sangoma » Asterisk » Version: 18.11.1

cpe:2.3:a:sangoma:asterisk:18.11.1
Sangoma » Asterisk » Version: 18.11.2

cpe:2.3:a:sangoma:asterisk:18.11.2
Sangoma » Asterisk » Version: 18.11.3

cpe:2.3:a:sangoma:asterisk:18.11.3
Sangoma » Asterisk » Version: 18.12.0

cpe:2.3:a:sangoma:asterisk:18.12.0
Sangoma » Asterisk » Version: 18.12.1

cpe:2.3:a:sangoma:asterisk:18.12.1
Sangoma » Asterisk » Version: 18.13.0

cpe:2.3:a:sangoma:asterisk:18.13.0
Sangoma » Asterisk » Version: 18.14.0

cpe:2.3:a:sangoma:asterisk:18.14.0
Sangoma » Asterisk » Version: 18.15.0

cpe:2.3:a:sangoma:asterisk:18.15.0
Sangoma » Asterisk » Version: 18.15.1

cpe:2.3:a:sangoma:asterisk:18.15.1
Sangoma » Asterisk » Version: 18.16.0

cpe:2.3:a:sangoma:asterisk:18.16.0
Sangoma » Asterisk » Version: 18.17.0

cpe:2.3:a:sangoma:asterisk:18.17.0
Sangoma » Asterisk » Version: 18.17.1

cpe:2.3:a:sangoma:asterisk:18.17.1
Sangoma » Asterisk » Version: 18.18.0

cpe:2.3:a:sangoma:asterisk:18.18.0
Sangoma » Asterisk » Version: 18.18.1

cpe:2.3:a:sangoma:asterisk:18.18.1
Sangoma » Asterisk » Version: 18.19.0

cpe:2.3:a:sangoma:asterisk:18.19.0
Sangoma » Asterisk » Version: 18.2.0

cpe:2.3:a:sangoma:asterisk:18.2.0
Sangoma » Asterisk » Version: 18.2.1

cpe:2.3:a:sangoma:asterisk:18.2.1
Sangoma » Asterisk » Version: 18.2.2

cpe:2.3:a:sangoma:asterisk:18.2.2
Sangoma » Asterisk » Version: 18.20.0

cpe:2.3:a:sangoma:asterisk:18.20.0
Sangoma » Asterisk » Version: 18.20.1

cpe:2.3:a:sangoma:asterisk:18.20.1
Sangoma » Asterisk » Version: 18.20.2

cpe:2.3:a:sangoma:asterisk:18.20.2
Sangoma » Asterisk » Version: 18.21.0

cpe:2.3:a:sangoma:asterisk:18.21.0
Sangoma » Asterisk » Version: 18.22.0

cpe:2.3:a:sangoma:asterisk:18.22.0
Sangoma » Asterisk » Version: 18.23.0

cpe:2.3:a:sangoma:asterisk:18.23.0
Sangoma » Asterisk » Version: 18.23.1

cpe:2.3:a:sangoma:asterisk:18.23.1
Sangoma » Asterisk » Version: 18.24.0

cpe:2.3:a:sangoma:asterisk:18.24.0
Sangoma » Asterisk » Version: 18.24.1

cpe:2.3:a:sangoma:asterisk:18.24.1
Sangoma » Asterisk » Version: 18.24.2

cpe:2.3:a:sangoma:asterisk:18.24.2
Sangoma » Asterisk » Version: 18.24.3

cpe:2.3:a:sangoma:asterisk:18.24.3
Sangoma » Asterisk » Version: 18.25.0

cpe:2.3:a:sangoma:asterisk:18.25.0
Sangoma » Asterisk » Version: 18.26.0

cpe:2.3:a:sangoma:asterisk:18.26.0
Sangoma » Asterisk » Version: 18.26.1

cpe:2.3:a:sangoma:asterisk:18.26.1
Sangoma » Asterisk » Version: 18.26.2

cpe:2.3:a:sangoma:asterisk:18.26.2
Sangoma » Asterisk » Version: 18.3.0

cpe:2.3:a:sangoma:asterisk:18.3.0
Sangoma » Asterisk » Version: 18.4.0

cpe:2.3:a:sangoma:asterisk:18.4.0
Sangoma » Asterisk » Version: 18.5.0

cpe:2.3:a:sangoma:asterisk:18.5.0
Sangoma » Asterisk » Version: 18.5.1

cpe:2.3:a:sangoma:asterisk:18.5.1
Sangoma » Asterisk » Version: 18.6.0

cpe:2.3:a:sangoma:asterisk:18.6.0
Sangoma » Asterisk » Version: 18.7.0

cpe:2.3:a:sangoma:asterisk:18.7.0
Sangoma » Asterisk » Version: 18.7.1

cpe:2.3:a:sangoma:asterisk:18.7.1
Sangoma » Asterisk » Version: 18.8.0

cpe:2.3:a:sangoma:asterisk:18.8.0
Sangoma » Asterisk » Version: 18.9.0

cpe:2.3:a:sangoma:asterisk:18.9.0
Sangoma » Asterisk » Version: 20.0.0

cpe:2.3:a:sangoma:asterisk:20.0.0
Sangoma » Asterisk » Version: 20.0.1

cpe:2.3:a:sangoma:asterisk:20.0.1
Sangoma » Asterisk » Version: 20.1.0

cpe:2.3:a:sangoma:asterisk:20.1.0
Sangoma » Asterisk » Version: 20.10.0

cpe:2.3:a:sangoma:asterisk:20.10.0
Sangoma » Asterisk » Version: 20.11.0

cpe:2.3:a:sangoma:asterisk:20.11.0
Sangoma » Asterisk » Version: 20.11.1

cpe:2.3:a:sangoma:asterisk:20.11.1
Sangoma » Asterisk » Version: 20.12.0

cpe:2.3:a:sangoma:asterisk:20.12.0
Sangoma » Asterisk » Version: 20.13.0

cpe:2.3:a:sangoma:asterisk:20.13.0
Sangoma » Asterisk » Version: 20.14.0

cpe:2.3:a:sangoma:asterisk:20.14.0
Sangoma » Asterisk » Version: 20.14.1

cpe:2.3:a:sangoma:asterisk:20.14.1
Sangoma » Asterisk » Version: 20.15.0

cpe:2.3:a:sangoma:asterisk:20.15.0
Sangoma » Asterisk » Version: 20.2.0

cpe:2.3:a:sangoma:asterisk:20.2.0
Sangoma » Asterisk » Version: 20.2.1

cpe:2.3:a:sangoma:asterisk:20.2.1
Sangoma » Asterisk » Version: 20.3.0

cpe:2.3:a:sangoma:asterisk:20.3.0
Sangoma » Asterisk » Version: 20.3.1

cpe:2.3:a:sangoma:asterisk:20.3.1
Sangoma » Asterisk » Version: 20.4.0

cpe:2.3:a:sangoma:asterisk:20.4.0
Sangoma » Asterisk » Version: 20.5.0

cpe:2.3:a:sangoma:asterisk:20.5.0
Sangoma » Asterisk » Version: 20.5.1

cpe:2.3:a:sangoma:asterisk:20.5.1
Sangoma » Asterisk » Version: 20.5.2

cpe:2.3:a:sangoma:asterisk:20.5.2
Sangoma » Asterisk » Version: 20.6.0

cpe:2.3:a:sangoma:asterisk:20.6.0
Sangoma » Asterisk » Version: 20.7.0

cpe:2.3:a:sangoma:asterisk:20.7.0
Sangoma » Asterisk » Version: 20.8.0

cpe:2.3:a:sangoma:asterisk:20.8.0
Sangoma » Asterisk » Version: 20.8.1

cpe:2.3:a:sangoma:asterisk:20.8.1
Sangoma » Asterisk » Version: 20.9.0

cpe:2.3:a:sangoma:asterisk:20.9.0
Sangoma » Asterisk » Version: 20.9.1

cpe:2.3:a:sangoma:asterisk:20.9.1
Sangoma » Asterisk » Version: 20.9.2

cpe:2.3:a:sangoma:asterisk:20.9.2
Sangoma » Asterisk » Version: 20.9.3

cpe:2.3:a:sangoma:asterisk:20.9.3
Sangoma » Asterisk » Version: 21.0.0

cpe:2.3:a:sangoma:asterisk:21.0.0
Sangoma » Asterisk » Version: 21.0.1

cpe:2.3:a:sangoma:asterisk:21.0.1
Sangoma » Asterisk » Version: 21.0.2

cpe:2.3:a:sangoma:asterisk:21.0.2
Sangoma » Asterisk » Version: 21.1.0

cpe:2.3:a:sangoma:asterisk:21.1.0
Sangoma » Asterisk » Version: 21.10.0

cpe:2.3:a:sangoma:asterisk:21.10.0
Sangoma » Asterisk » Version: 21.2.0

cpe:2.3:a:sangoma:asterisk:21.2.0
Sangoma » Asterisk » Version: 21.3.0

cpe:2.3:a:sangoma:asterisk:21.3.0
Sangoma » Asterisk » Version: 21.3.1

cpe:2.3:a:sangoma:asterisk:21.3.1
Sangoma » Asterisk » Version: 21.4.0

cpe:2.3:a:sangoma:asterisk:21.4.0
Sangoma » Asterisk » Version: 21.4.1

cpe:2.3:a:sangoma:asterisk:21.4.1
Sangoma » Asterisk » Version: 21.4.2

cpe:2.3:a:sangoma:asterisk:21.4.2
Sangoma » Asterisk » Version: 21.4.3

cpe:2.3:a:sangoma:asterisk:21.4.3
Sangoma » Asterisk » Version: 21.5.0

cpe:2.3:a:sangoma:asterisk:21.5.0
Sangoma » Asterisk » Version: 21.6.0

cpe:2.3:a:sangoma:asterisk:21.6.0
Sangoma » Asterisk » Version: 21.6.1

cpe:2.3:a:sangoma:asterisk:21.6.1
Sangoma » Asterisk » Version: 21.7.0

cpe:2.3:a:sangoma:asterisk:21.7.0
Sangoma » Asterisk » Version: 21.8.0

cpe:2.3:a:sangoma:asterisk:21.8.0
Sangoma » Asterisk » Version: 21.9.0

cpe:2.3:a:sangoma:asterisk:21.9.0
Sangoma » Asterisk » Version: 21.9.1

cpe:2.3:a:sangoma:asterisk:21.9.1
Sangoma » Asterisk » Version: 22.0.0

cpe:2.3:a:sangoma:asterisk:22.0.0
Sangoma » Asterisk » Version: 22.1.0

cpe:2.3:a:sangoma:asterisk:22.1.0
Sangoma » Asterisk » Version: 22.1.1

cpe:2.3:a:sangoma:asterisk:22.1.1
Sangoma » Asterisk » Version: 22.2.0

cpe:2.3:a:sangoma:asterisk:22.2.0
Sangoma » Asterisk » Version: 22.3.0

cpe:2.3:a:sangoma:asterisk:22.3.0
Sangoma » Asterisk » Version: 22.4.0

cpe:2.3:a:sangoma:asterisk:22.4.0
Sangoma » Asterisk » Version: 22.4.1

cpe:2.3:a:sangoma:asterisk:22.4.1
Sangoma » Asterisk » Version: 22.5.0

cpe:2.3:a:sangoma:asterisk:22.5.0
Sangoma » Certified Asterisk » Version: 18.9

cpe:2.3:a:sangoma:certified_asterisk:18.9
Sangoma » Certified Asterisk » Version: 20.7

cpe:2.3:a:sangoma:certified_asterisk:20.7

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-1131

Products

Pricing

Contact Us