CVE-2025-1131

A local privilege escalation vulnerability exists in the safe_asterisk script included with the Asterisk toolkit package. When Asterisk is started via this script (common in SysV init or FreePBX environments), it sources all .sh files located in /etc/asterisk/startup.d/ as root, without validating ownership or permissions.

Non-root users with legitimate write access to /etc/asterisk can exploit this behaviour by placing malicious scripts in the startup.d directory, which will then execute with root privileges upon service restart.
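A check a defender can run for the condition described above, as an added example (not part of the advisory or of the Asterisk project): it flags the configuration directory, startup.d, and any .sh file in it that is not owned by root, is group- or world-writable, or is a symlink. The function name and its arguments are assumptions made for this example; the path is the one given in the description.

```shell
#!/bin/sh
# Added example: audit what safe_asterisk would source as root.
#
# audit_startup_d [CONF_DIR] [OWNER]
#   CONF_DIR  Asterisk config directory (default: /etc/asterisk)
#   OWNER     expected owner, name or numeric uid (default: root);
#             a parameter only so the check can be exercised unprivileged
# Prints one FINDING line per problem and returns 1 if there were any.
audit_startup_d() {
    conf_dir=${1:-/etc/asterisk}
    owner=${2:-root}
    startup_dir=$conf_dir/startup.d

    findings=$(
        # Whoever can write to either directory can add or replace scripts.
        for d in "$conf_dir" "$startup_dir"; do
            if [ -d "$d" ]; then
                find "$d" -prune \
                    \( ! -user "$owner" -o -perm -0020 -o -perm -0002 \) \
                    -exec echo "FINDING: bad owner or group/world-writable directory:" {} \;
            fi
        done
        # The *.sh files themselves. Symlinks are flagged because the
        # target's ownership and mode are not examined here.
        if [ -d "$startup_dir" ]; then
            find "$startup_dir" -maxdepth 1 -name '*.sh' \
                \( -type l -o ! -user "$owner" -o -perm -0020 -o -perm -0002 \) \
                -exec echo "FINDING: bad owner, group/world-writable, or symlink:" {} \;
        fi
    )

    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}
```

Call it as `audit_startup_d` on the host (defaults apply). POSIX ACLs and the permissions of directories above CONF_DIR are not examined.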

  • Published: Sep 23, 2025
  • Updated: Nov 4, 2025
  • CVE: CVE-2025-1131
  • Severity: High
  • Exploit:

CVSS v3:

  • Severity: High
  • Score: 7.8
  • Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWEs:

Software                      From             Fixed in
sangoma / asterisk            -                18.26.3
sangoma / asterisk            20.0.0           20.15.1
sangoma / asterisk            21.0.0           21.10.1
sangoma / asterisk            22.0.0           22.5.1
sangoma / certified_asterisk  18.9-cert1       18.9-cert1.x
sangoma / certified_asterisk  18.9-cert1-rc1   18.9-cert1-rc1.x
sangoma / certified_asterisk  18.9-cert10      18.9-cert10.x
sangoma / certified_asterisk  18.9-cert11      18.9-cert11.x
sangoma / certified_asterisk  18.9-cert12      18.9-cert12.x
sangoma / certified_asterisk  18.9-cert13      18.9-cert13.x
sangoma / certified_asterisk  18.9-cert14      18.9-cert14.x
sangoma / certified_asterisk  18.9-cert15      18.9-cert15.x
sangoma / certified_asterisk  18.9-cert2       18.9-cert2.x
sangoma / certified_asterisk  18.9-cert3       18.9-cert3.x
sangoma / certified_asterisk  18.9-cert4       18.9-cert4.x
sangoma / certified_asterisk  18.9-cert5       18.9-cert5.x
sangoma / certified_asterisk  18.9-cert6       18.9-cert6.x
sangoma / certified_asterisk  18.9-cert7       18.9-cert7.x
sangoma / certified_asterisk  18.9-cert8       18.9-cert8.x
sangoma / certified_asterisk  18.9-cert8-rc1   18.9-cert8-rc1.x
sangoma / certified_asterisk  18.9-cert8-rc2   18.9-cert8-rc2.x
sangoma / certified_asterisk  18.9-cert9       18.9-cert9.x
sangoma / certified_asterisk  20.7-cert1       20.7-cert1.x
sangoma / certified_asterisk  20.7-cert1-rc1   20.7-cert1-rc1.x
sangoma / certified_asterisk  20.7-cert1-rc2   20.7-cert1-rc2.x
sangoma / certified_asterisk  20.7-cert2       20.7-cert2.x
sangoma / certified_asterisk  20.7-cert3       20.7-cert3.x
sangoma / certified_asterisk  20.7-cert4       20.7-cert4.x
sangoma / certified_asterisk  20.7-cert5       20.7-cert5.x
sangoma / certified_asterisk  20.7-cert6       20.7-cert6.x