CVE-2025-54995

Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 18.26.4 and 18.9-cert17, RTP UDP ports and internal resources can leak due to a lack of session termination. This could result in leaks and resource exhaustion. This issue has been patched in versions 18.26.4 and 18.9-cert17.

Published: Aug 28, 2025
Updated: Nov 4, 2025
CVE: CVE-2025-54995
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.5
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWEs:

Affected Software
References

Software	From	Fixed in
sangoma / asterisk	-	18.26.4
sangoma / certified_asterisk	-	18.9
sangoma / certified_asterisk	18.9-cert1	18.9-cert1.x
sangoma / certified_asterisk	18.9-cert1-rc1	18.9-cert1-rc1.x
sangoma / certified_asterisk	18.9-cert10	18.9-cert10.x
sangoma / certified_asterisk	18.9-cert11	18.9-cert11.x
sangoma / certified_asterisk	18.9-cert12	18.9-cert12.x
sangoma / certified_asterisk	18.9-cert13	18.9-cert13.x
sangoma / certified_asterisk	18.9-cert14	18.9-cert14.x
sangoma / certified_asterisk	18.9-cert15	18.9-cert15.x
sangoma / certified_asterisk	18.9-cert16	18.9-cert16.x
sangoma / certified_asterisk	18.9-cert2	18.9-cert2.x
sangoma / certified_asterisk	18.9-cert3	18.9-cert3.x
sangoma / certified_asterisk	18.9-cert4	18.9-cert4.x
sangoma / certified_asterisk	18.9-cert5	18.9-cert5.x
sangoma / certified_asterisk	18.9-cert6	18.9-cert6.x
sangoma / certified_asterisk	18.9-cert7	18.9-cert7.x
sangoma / certified_asterisk	18.9-cert8	18.9-cert8.x
sangoma / certified_asterisk	18.9-cert8-rc1	18.9-cert8-rc1.x
sangoma / certified_asterisk	18.9-cert8-rc2	18.9-cert8-rc2.x
sangoma / certified_asterisk	18.9-cert9	18.9-cert9.x

Vulnerability Database

CVE-2025-54995

Deep Security Visibility Without the Complexity