ID
VAR-202509-3117
CVE
CVE-2025-1131
DESCRIPTION
A local privilege escalation vulnerability exists in the safe_asterisk script included with the Asterisk toolkit package. When Asterisk is started via this script (common in SysV init or FreePBX environments), it sources all .sh files located in /etc/asterisk/startup.d/ as root, without validating ownership or permissions. Non-root users with legitimate write access to /etc/asterisk can exploit this behaviour by placing malicious scripts in the startup.d directory, which will then execute with root privileges upon service restart.
Trust: 1.0
AFFECTED PRODUCTS
| vendor: | sangoma | model: | asterisk | scope: | lt | version: | 20.15.1 | Trust: 1.0 |
| vendor: | sangoma | model: | asterisk | scope: | gte | version: | 20.0.0 | Trust: 1.0 |
| vendor: | sangoma | model: | certified asterisk | scope: | eq | version: | 20.7 | Trust: 1.0 |
| vendor: | sangoma | model: | asterisk | scope: | lt | version: | 18.26.3 | Trust: 1.0 |
| vendor: | sangoma | model: | asterisk | scope: | gte | version: | 22.0.0 | Trust: 1.0 |
| vendor: | sangoma | model: | asterisk | scope: | lt | version: | 22.5.1 | Trust: 1.0 |
| vendor: | sangoma | model: | certified asterisk | scope: | eq | version: | 18.9 | Trust: 1.0 |
| vendor: | sangoma | model: | asterisk | scope: | gte | version: | 21.0.0 | Trust: 1.0 |
| vendor: | sangoma | model: | asterisk | scope: | lt | version: | 21.10.1 | Trust: 1.0 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | |||||||||||||||||||||||||||||||||||||||||
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-427 | Trust: 1.0 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2025-1131 | Trust: 1.0 |
REFERENCES
| url: | https://github.com/asterisk/asterisk/security/advisories/ghsa-v9q8-9j8m-5xwp | Trust: 1.0 |
SOURCES
| db: | NVD | id: | CVE-2025-1131 |
LAST UPDATE DATE
2025-10-09T23:23:47.193000+00:00
SOURCES UPDATE DATE
| db: | NVD | id: | CVE-2025-1131 | date: | 2025-10-08T20:35:00.300 |
SOURCES RELEASE DATE
| db: | NVD | id: | CVE-2025-1131 | date: | 2025-09-23T05:15:35.603 |