CVE-2025-54995

Exploit

EPSS 0.46%
Veröffentlicht 28.08.2025 15:16:02
Zuletzt bearbeitet 03.11.2025 18:17:00
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 18.26.4 and 18.9-cert17, RTP UDP ports and internal resources can leak due to a lack of session termination. This could result in leaks and resource exhaustion. This issue has been patched in versions 18.26.4 and 18.9-cert17.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 2 Referenzen 9

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Sangoma ≫ Asterisk Version < 18.26.4

Sangoma ≫ Certified Asterisk Version < 18.9

Sangoma ≫ Certified Asterisk Version18.9 Updatecert1

Sangoma ≫ Certified Asterisk Version18.9 Updatecert1-rc1

Sangoma ≫ Certified Asterisk Version18.9 Updatecert10

Sangoma ≫ Certified Asterisk Version18.9 Updatecert11

Sangoma ≫ Certified Asterisk Version18.9 Updatecert12

Sangoma ≫ Certified Asterisk Version18.9 Updatecert13

Sangoma ≫ Certified Asterisk Version18.9 Updatecert14

Sangoma ≫ Certified Asterisk Version18.9 Updatecert15

Sangoma ≫ Certified Asterisk Version18.9 Updatecert16

Sangoma ≫ Certified Asterisk Version18.9 Updatecert2

Sangoma ≫ Certified Asterisk Version18.9 Updatecert3

Sangoma ≫ Certified Asterisk Version18.9 Updatecert4

Sangoma ≫ Certified Asterisk Version18.9 Updatecert5

Sangoma ≫ Certified Asterisk Version18.9 Updatecert6

Sangoma ≫ Certified Asterisk Version18.9 Updatecert7

Sangoma ≫ Certified Asterisk Version18.9 Updatecert8

Sangoma ≫ Certified Asterisk Version18.9 Updatecert8-rc1

Sangoma ≫ Certified Asterisk Version18.9 Updatecert8-rc2

Sangoma ≫ Certified Asterisk Version18.9 Updatecert9

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.46%	0.635

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security-advisories@github.com	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-1286 Improper Validation of Syntactic Correctness of Input

The product receives input that is expected to be well-formed - i.e., to comply with a certain syntax - but it does not validate or incorrectly validates that the input complies with the syntax.

CWE-400 Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

https://github.com/asterisk/asterisk/commit/0278f5bde14565c6838a6ec39bc21aee0cde56a9

Patch

https://github.com/asterisk/asterisk/commit/eafcd7a451dcd007dddf324ac37dd55a4808338d

Patch

https://github.com/asterisk/asterisk/pull/1405

Issue Tracking

https://github.com/asterisk/asterisk/pull/1406

Issue Tracking

https://github.com/asterisk/asterisk/security/advisories/GHSA-557q-795j-wfx2

Vendor Advisory

Exploit

https://lists.debian.org/debian-lts-announce/2025/10/msg00006.html

https://nvd.nist.gov/vuln/detail/CVE-2025-54995

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-54995

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-54995

EUVD