Vulnerability Database

CVE-2025-47780

Asterisk is an open-source private branch exchange (PBX). Prior to versions 18.26.2, 20.14.1, 21.9.1, and 22.4.1 of Asterisk and versions 18.9-cert14 and 20.7-cert5 of certified-asterisk, attempting to prevent shell commands from being run via the Asterisk command line interface (CLI) by configuring cli_permissions.conf (e.g. with the config line deny=!*) does not work. If an administrator running an Asterisk instance relies on cli_permissions.conf and expects it to deny all attempts to execute shell commands, this could lead to a security vulnerability. Versions 18.26.2, 20.14.1, 21.9.1, and 22.4.1 of Asterisk and versions 18.9-cert14 and 20.7-cert5 of certified-asterisk fix the issue.

  • Published: May 22, 2025
  • Updated: Nov 4, 2025
  • CVE: CVE-2025-47780
  • Severity: High
  • Exploit:

CVSS v3:

  • Severity: High
  • Score: 7.8
  • AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWEs:

OWASP TOP 10:

Software                      From            Fixed in
sangoma / asterisk            -               18.26.2
sangoma / asterisk            20.0.0          20.14.1
sangoma / asterisk            21.0.0          21.9.1
sangoma / asterisk            22.0.0          22.4.1
sangoma / certified_asterisk  -               18.9
sangoma / certified_asterisk  18.9            18.9.x
sangoma / certified_asterisk  18.9-cert1      18.9-cert1.x
sangoma / certified_asterisk  18.9-cert1-rc1  18.9-cert1-rc1.x
sangoma / certified_asterisk  18.9-cert10     18.9-cert10.x
sangoma / certified_asterisk  18.9-cert11     18.9-cert11.x
sangoma / certified_asterisk  18.9-cert12     18.9-cert12.x
sangoma / certified_asterisk  18.9-cert13     18.9-cert13.x
sangoma / certified_asterisk  18.9-cert2      18.9-cert2.x
sangoma / certified_asterisk  18.9-cert3      18.9-cert3.x
sangoma / certified_asterisk  18.9-cert4      18.9-cert4.x
sangoma / certified_asterisk  18.9-cert5      18.9-cert5.x
sangoma / certified_asterisk  18.9-cert6      18.9-cert6.x
sangoma / certified_asterisk  18.9-cert7      18.9-cert7.x
sangoma / certified_asterisk  18.9-cert8      18.9-cert8.x
sangoma / certified_asterisk  18.9-cert8-rc1  18.9-cert8-rc1.x
sangoma / certified_asterisk  18.9-cert8-rc2  18.9-cert8-rc2.x
sangoma / certified_asterisk  18.9-cert9      18.9-cert9.x
sangoma / certified_asterisk  20.7-cert1      20.7-cert1.x
sangoma / certified_asterisk  20.7-cert1-rc1  20.7-cert1-rc1.x
sangoma / certified_asterisk  20.7-cert1-rc2  20.7-cert1-rc2.x
sangoma / certified_asterisk  20.7-cert2      20.7-cert2.x
sangoma / certified_asterisk  20.7-cert3      20.7-cert3.x
sangoma / certified_asterisk  20.7-cert4      20.7-cert4.x