7.8

CVE-2025-1131

Exploit

A local privilege escalation vulnerability exists in the safe_asterisk script included with the Asterisk toolkit package. When Asterisk is started via this script (common in SysV init or FreePBX environments), it sources all .sh files located in /etc/asterisk/startup.d/ as root, without validating ownership or permissions.


Non-root users with legitimate write access to /etc/asterisk can exploit this behaviour by placing malicious scripts in the startup.d directory, which will then execute with root privileges upon service restart.

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
SangomaAsterisk Version < 18.26.3
SangomaAsterisk Version >= 20.0.0 < 20.15.1
SangomaAsterisk Version >= 21.0.0 < 21.10.1
SangomaAsterisk Version >= 22.0.0 < 22.5.1
SangomaCertified Asterisk Version18.9 Updatecert1
SangomaCertified Asterisk Version18.9 Updatecert1-rc1
SangomaCertified Asterisk Version18.9 Updatecert10
SangomaCertified Asterisk Version18.9 Updatecert11
SangomaCertified Asterisk Version18.9 Updatecert12
SangomaCertified Asterisk Version18.9 Updatecert13
SangomaCertified Asterisk Version18.9 Updatecert14
SangomaCertified Asterisk Version18.9 Updatecert15
SangomaCertified Asterisk Version18.9 Updatecert2
SangomaCertified Asterisk Version18.9 Updatecert3
SangomaCertified Asterisk Version18.9 Updatecert4
SangomaCertified Asterisk Version18.9 Updatecert5
SangomaCertified Asterisk Version18.9 Updatecert6
SangomaCertified Asterisk Version18.9 Updatecert7
SangomaCertified Asterisk Version18.9 Updatecert8
SangomaCertified Asterisk Version18.9 Updatecert8-rc1
SangomaCertified Asterisk Version18.9 Updatecert8-rc2
SangomaCertified Asterisk Version18.9 Updatecert9
SangomaCertified Asterisk Version20.7 Updatecert1
SangomaCertified Asterisk Version20.7 Updatecert1-rc1
SangomaCertified Asterisk Version20.7 Updatecert1-rc2
SangomaCertified Asterisk Version20.7 Updatecert2
SangomaCertified Asterisk Version20.7 Updatecert3
SangomaCertified Asterisk Version20.7 Updatecert4
SangomaCertified Asterisk Version20.7 Updatecert5
SangomaCertified Asterisk Version20.7 Updatecert6
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.04% 0.132
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
b7efe717-a805-47cf-8e9a-921fca0ce0ce 7 0 0
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:C/RE:H/U:Amber
CWE-427 Uncontrolled Search Path Element

The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.