๐Ÿ” CVE Alert

CVE-2025-1131

Severity UNKNOWN

CVSS Score 0.0
EPSS Score 0.0%
EPSS Percentile 0th

A local privilege escalation vulnerability exists in the safe_asterisk script shipped with the Asterisk toolkit package. When Asterisk is started through this script (common in SysV init or FreePBX environments), it sources every .sh file found in /etc/asterisk/startup.d/ into its own shell, which is running as root, without checking who owns those files or who can write to them. Because the files are sourced rather than executed, read access is all an attacker's file needs; it does not have to be executable. A non-root user with legitimate write access to /etc/asterisk (for example the account that owns the configuration directory) can therefore drop a script into startup.d and have it run as root the next time the service is restarted.
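The following is an added illustration, not the safe_asterisk script or any Asterisk project code: it reproduces the sourcing pattern the advisory describes and places a hardened loop next to it. The hardened version refuses to source a file (or use a directory) that is a symlink, is owned by a uid other than the one running the script, or is writable by group or others. It assumes GNU stat(1) on Linux; the directory and file names in the demo are constructed for the example, and the default path is the one named in the advisory.

```shell
#!/bin/sh
# Added example for CVE-2025-1131. NOT the safe_asterisk script or Asterisk
# project code; it shows the vulnerable sourcing pattern beside a hardened one.
# Assumes GNU stat(1) (Linux). Default directory is the one in the advisory.

STARTUP_D="${STARTUP_D:-/etc/asterisk/startup.d}"

# Vulnerable pattern: every *.sh in the directory is sourced into the calling
# shell (root under init) with no check on who owns or can write the file.
# Sourcing only needs read access; the dropped file need not be executable.
source_startup_d_unsafe() {
    for f in "$1"/*.sh; do
        [ -r "$f" ] || continue
        . "$f"
    done
}

# Returns 0 when $2 is the kind of object named by $1 ("f" regular file,
# "d" directory), is not a symlink, is owned by the uid running this script,
# and is not writable by group or others. Anything else returns 1.
path_trusted() {
    kind=$1 p=$2
    [ -L "$p" ] && return 1
    case $kind in
        f) [ -f "$p" ] || return 1 ;;
        d) [ -d "$p" ] || return 1 ;;
        *) return 1 ;;
    esac
    owner=$(stat -c %u "$p") || return 1
    mode=$(stat -c %a "$p") || return 1
    [ "$owner" = "$(id -u)" ] || return 1
    go=${mode#"${mode%??}"}                      # last two octal digits: group, other
    case ${go%?} in 2|3|6|7) return 1 ;; esac    # group write bit set
    case ${go#?} in 2|3|6|7) return 1 ;; esac    # other write bit set
    return 0
}

# Hardened pattern: refuse the whole directory if someone else could add files
# to it, then skip any script failing the same test. Under init the running uid
# is root, so a file owned by the asterisk service account (the advisory's
# scenario) is rejected even when /etc/asterisk is writable by that account.
source_startup_d_safe() {
    d=$1
    if ! path_trusted d "$d"; then
        echo "startup.d: refusing untrusted directory $d" >&2
        return 1
    fi
    for f in "$d"/*.sh; do
        [ -e "$f" ] || [ -L "$f" ] || continue   # unmatched glob
        if path_trusted f "$f"; then
            . "$f"
        else
            echo "startup.d: skipping untrusted script $f" >&2
        fi
    done
}

# Report, without sourcing anything, what the hardened loop would accept in $1.
audit_startup_d() {
    d=$1
    path_trusted d "$d" && echo "dir ok: $d" || echo "dir UNTRUSTED: $d"
    for f in "$d"/*.sh; do
        [ -e "$f" ] || [ -L "$f" ] || continue
        if path_trusted f "$f"; then echo "ok: $f"; else echo "UNTRUSTED: $f"; fi
    done
}

# Demo on a constructed directory (run with: sh this_script.sh demo).
demo() {
    tmp=$(mktemp -d) || exit 1
    chmod 700 "$tmp"
    printf 'echo "ran 10-ok.sh"\n' >"$tmp/10-ok.sh"
    chmod 644 "$tmp/10-ok.sh"
    printf 'echo "ran 20-bad.sh (should never print)"\n' >"$tmp/20-bad.sh"
    chmod 666 "$tmp/20-bad.sh"            # world-writable: anyone could edit it
    ln -s /nonexistent "$tmp/30-link.sh"  # symlink: rejected outright
    source_startup_d_safe "$tmp"
    rm -rf "$tmp"
}

case ${1:-} in
    demo)  demo ;;
    audit) audit_startup_d "${2:-$STARTUP_D}" ;;
esac
```

The ownership test is anchored to the invoking uid rather than hard-coded to root: the property that matters is that no other account can influence what the sourcing process runs, and under init that uid is root. `sh this_script.sh audit` lists verdicts for a live startup.d directory without sourcing anything, which is a reasonable way to check an existing install for scripts owned by someone other than root.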

CWE CWE-427
Vendor asterisk
Product asterisk
Published Sep 23, 2025
Last Updated Feb 26, 2026

Affected Versions

Asterisk / Asterisk
Asterisk <= 18.26.2
Asterisk <= 20.15.0
Asterisk <= 21.10.0
Asterisk <= 22.5.0

References

NVD, CVE.org, EPSS Data
github.com: https://github.com/asterisk/asterisk/security/advisories/GHSA-v9q8-9j8m-5xwp
lists.debian.org: https://lists.debian.org/debian-lts-announce/2025/10/msg00006.html

Credits

Abdul Mhanni