CVE-2025-54995

EPSS 0.28%
Veröffentlicht 28.08.2025 15:16:02
Zuletzt bearbeitet 29.08.2025 16:24:29
Quelle security-advisories@github.com
Teams Watchlist Login
Unerledigt Login

Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 18.26.4 and 18.9-cert17, RTP UDP ports and internal resources can leak due to a lack of session termination. This could result in leaks and resource exhaustion. This issue has been patched in versions 18.26.4 and 18.9-cert17.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 2 Referenzen 8

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

Herstellerasterisk

≫

Produkt asterisk

Version < 18.26.4

Status affected

Version < 18.9-cert17

Status affected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.28%	0.515

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security-advisories@github.com	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-1286 Improper Validation of Syntactic Correctness of Input

The product receives input that is expected to be well-formed - i.e., to comply with a certain syntax - but it does not validate or incorrectly validates that the input complies with the syntax.

CWE-400 Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

https://github.com/asterisk/asterisk/commit/0278f5bde14565c6838a6ec39bc21aee0cde56a9

https://github.com/asterisk/asterisk/commit/eafcd7a451dcd007dddf324ac37dd55a4808338d

https://github.com/asterisk/asterisk/pull/1405

https://github.com/asterisk/asterisk/pull/1406

https://github.com/asterisk/asterisk/security/advisories/GHSA-557q-795j-wfx2

https://nvd.nist.gov/vuln/detail/CVE-2025-54995

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-54995

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-54995

EUVD