ID
VAR-202508-3607
CVE
CVE-2025-54995
DESCRIPTION
Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 18.26.4 and 18.9-cert17, RTP UDP ports and internal resources can leak due to a lack of session termination. This could result in leaks and resource exhaustion. This issue has been patched in versions 18.26.4 and 18.9-cert17.
Trust: 1.0
sources:
NVD: CVE-2025-54995
AFFECTED PRODUCTS
| vendor: | sangoma | model: | asterisk | scope: | lt | version: | 18.26.4 | Trust: 1.0 |
| vendor: | sangoma | model: | certified asterisk | scope: | eq | version: | 18.9 | Trust: 1.0 |
| vendor: | sangoma | model: | certified asterisk | scope: | lt | version: | 18.9 | Trust: 1.0 |
sources:
NVD: CVE-2025-54995
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||
|
|
sources:
NVD: CVE-2025-54995
PROBLEMTYPE DATA
| problemtype: | CWE-400 | Trust: 1.0 |
| problemtype: | CWE-1286 | Trust: 1.0 |
sources:
NVD: CVE-2025-54995
EXTERNAL IDS
| db: | NVD | id: | CVE-2025-54995 | Trust: 1.0 |
sources:
NVD: CVE-2025-54995
REFERENCES
| url: | https://github.com/asterisk/asterisk/commit/eafcd7a451dcd007dddf324ac37dd55a4808338d | Trust: 1.0 |
| url: | https://github.com/asterisk/asterisk/security/advisories/ghsa-557q-795j-wfx2 | Trust: 1.0 |
| url: | https://github.com/asterisk/asterisk/commit/0278f5bde14565c6838a6ec39bc21aee0cde56a9 | Trust: 1.0 |
| url: | https://github.com/asterisk/asterisk/pull/1405 | Trust: 1.0 |
| url: | https://github.com/asterisk/asterisk/pull/1406 | Trust: 1.0 |
| url: | https://lists.debian.org/debian-lts-announce/2025/10/msg00006.html | Trust: 1.0 |
sources:
NVD: CVE-2025-54995
SOURCES
| db: | NVD | id: | CVE-2025-54995 |
LAST UPDATE DATE
2025-11-18T15:32:26.481000+00:00
SOURCES UPDATE DATE
| db: | NVD | id: | CVE-2025-54995 | date: | 2025-11-03T18:17:00.357 |
SOURCES RELEASE DATE
| db: | NVD | id: | CVE-2025-54995 | date: | 2025-08-28T15:16:02.500 |