CVE-2025-54995 (GCVE-0-2025-54995)
Vulnerability from cvelistv5 – Published: 2025-08-28 15:08 – Updated: 2025-11-03 17:45
VLAI
EPSS
VEX
Title
Asterisk remotely exploitable leak of RTP UDP ports and internal resources
Summary
Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 18.26.4 and 18.9-cert17, RTP UDP ports and internal resources can leak due to a lack of session termination. This could result in leaks and resource exhaustion. This issue has been patched in versions 18.26.4 and 18.9-cert17.
Severity
6.5 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://github.com/asterisk/asterisk/security/adv… | x_refsource_CONFIRM |
| https://github.com/asterisk/asterisk/pull/1405 | x_refsource_MISC |
| https://github.com/asterisk/asterisk/pull/1406 | x_refsource_MISC |
| https://github.com/asterisk/asterisk/commit/0278f… | x_refsource_MISC |
| https://github.com/asterisk/asterisk/commit/eafcd… | x_refsource_MISC |
| https://lists.debian.org/debian-lts-announce/2025… |
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-54995",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-28T18:53:35.935192Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-28T18:54:20.465Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T17:45:15.011Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00006.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "asterisk",
"vendor": "asterisk",
"versions": [
{
"status": "affected",
"version": "\u003c 18.26.4"
},
{
"status": "affected",
"version": "\u003c 18.9-cert17"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 18.26.4 and 18.9-cert17, RTP UDP ports and internal resources can leak due to a lack of session termination. This could result in leaks and resource exhaustion. This issue has been patched in versions 18.26.4 and 18.9-cert17."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1286",
"description": "CWE-1286: Improper Validation of Syntactic Correctness of Input",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400: Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-28T15:08:04.468Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/asterisk/asterisk/security/advisories/GHSA-557q-795j-wfx2",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/asterisk/asterisk/security/advisories/GHSA-557q-795j-wfx2"
},
{
"name": "https://github.com/asterisk/asterisk/pull/1405",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/asterisk/asterisk/pull/1405"
},
{
"name": "https://github.com/asterisk/asterisk/pull/1406",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/asterisk/asterisk/pull/1406"
},
{
"name": "https://github.com/asterisk/asterisk/commit/0278f5bde14565c6838a6ec39bc21aee0cde56a9",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/asterisk/asterisk/commit/0278f5bde14565c6838a6ec39bc21aee0cde56a9"
},
{
"name": "https://github.com/asterisk/asterisk/commit/eafcd7a451dcd007dddf324ac37dd55a4808338d",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/asterisk/asterisk/commit/eafcd7a451dcd007dddf324ac37dd55a4808338d"
}
],
"source": {
"advisory": "GHSA-557q-795j-wfx2",
"discovery": "UNKNOWN"
},
"title": "Asterisk remotely exploitable leak of RTP UDP ports and internal resources"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-54995",
"datePublished": "2025-08-28T15:08:04.468Z",
"dateReserved": "2025-08-04T17:34:24.420Z",
"dateUpdated": "2025-11-03T17:45:15.011Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2025-54995",
"date": "2026-07-09",
"epss": "0.00449",
"percentile": "0.36085"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2025-54995\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2025-08-28T15:16:02.500\",\"lastModified\":\"2026-06-17T09:41:04.943\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 18.26.4 and 18.9-cert17, RTP UDP ports and internal resources can leak due to a lack of session termination. This could result in leaks and resource exhaustion. This issue has been patched in versions 18.26.4 and 18.9-cert17.\"},{\"lang\":\"es\",\"value\":\"Asterisk es una centralita privada y un kit de herramientas de telefon\u00eda de c\u00f3digo abierto. Antes de las versiones 18.26.4 y 18.9-cert17, los puertos UDP RTP y los recursos internos pueden filtrarse debido a una falta de finalizaci\u00f3n de la sesi\u00f3n. Esto podr\u00eda resultar en fugas y agotamiento de recursos. Este problema ha sido parcheado en las versiones 18.26.4 y 18.9-cert17.\"}],\"affected\":[{\"source\":\"security-advisories@github.com\",\"affectedData\":[{\"vendor\":\"asterisk\",\"product\":\"asterisk\",\"versions\":[{\"version\":\"\u003c 18.26.4\",\"status\":\"affected\"},{\"version\":\"\u003c 18.9-cert17\",\"status\":\"affected\"}]}]}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2025-08-28T18:53:35.935192Z\",\"id\":\"CVE-2025-54995\",\"options\":[{\"exploitation\":\"poc\"},{\"automatable\":\"no\"},{\"technicalImpact\":\"partial\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-400\"},{\"lang\":\"en\",\"value\":\"CWE-1286\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sangoma:asterisk:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"18.26.4\",\"matchCriteriaId\":\"ECF978D6-CB7D-469F-A848-8032435EC560\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sangoma:certified_asterisk:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"18.9\",\"matchCriteriaId\":\"B71A493F-F47B-4F19-AD21-3800DE63DF5A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sangoma:certified_asterisk:18.9:cert1:*:*:*:*:*:*\",\"matchCriteriaId\":\"79EEB5E5-B79E-454B-8DCD-3272BA337A9E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sangoma:certified_asterisk:18.9:cert1-rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"AD3BBA39-95EC-462F-8F5A-15E8D07CC804\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sangoma:certified_asterisk:18.9:cert10:*:*:*:*:*:*\",\"matchCriteriaId\":\"D6BF553C-020D-4F99-9995-CA4A4383B2DD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sangoma:certified_asterisk:18.9:cert11:*:*:*:*:*:*\",\"matchCriteriaId\":\"E3069F1F-DDE8-4E9A-B4FF-64B7B11EEFCB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sangoma:certified_asterisk:18.9:cert12:*:*:*:*:*:*\",\"matchCriteriaId\":\"890205E3-973D-422E-940A-E9190BA37EFD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sangoma:certified_asterisk:18.9:cert13:*:*:*:*:*:*\",\"matchCriteriaId\":\"23100176-0528-448D-B2FA-D3B9B31A249D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sangoma:certified_asterisk:18.9:cert14:*:*:*:*:*:*\",\"matchCriteriaId\":\"346B29FD-48B4-4121-89FD-45325865E54B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sangoma:certified_asterisk:18.9:cert15:*:*:*:*:*:*\",\"matchCriteriaId\":\"49798C73-CCC4-4013-8A01-348D6B3D9C5B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sangoma:certified_asterisk:18.9:cert16:*:*:*:*:*:*\",\"matchCriteriaId\":\"E5019880-BE93-4592-B3E0-C69FA2C47B6F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sangoma:certified_asterisk:18.9:cert2:*:*:*:*:*:*\",\"matchCriteriaId\":\"892BAE5D-A64E-4FE0-9A99-8C07F342A042\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sangoma:certified_asterisk:18.9:cert3:*:*:*:*:*:*\",\"matchCriteriaId\":\"1A716A45-7075-4CA6-9EF5-2DD088248A5C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sangoma:certified_asterisk:18.9:cert4:*:*:*:*:*:*\",\"matchCriteriaId\":\"80EFA05B-E22D-49CE-BDD6-5C7123F1C12B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sangoma:certified_asterisk:18.9:cert5:*:*:*:*:*:*\",\"matchCriteriaId\":\"20FD475F-2B46-47C9-B535-1561E29CB7A1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sangoma:certified_asterisk:18.9:cert6:*:*:*:*:*:*\",\"matchCriteriaId\":\"7238FCD9-9F40-44BA-A170-69D4857AA1CE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sangoma:certified_asterisk:18.9:cert7:*:*:*:*:*:*\",\"matchCriteriaId\":\"F657B046-6C83-48F9-A0B1-C63CDA7FD61D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sangoma:certified_asterisk:18.9:cert8:*:*:*:*:*:*\",\"matchCriteriaId\":\"6D87C7DE-23EA-4532-A2E4-9BF82ADE12DC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sangoma:certified_asterisk:18.9:cert8-rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"B79A5B46-5CA3-445E-BE47-1711DCD038A1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sangoma:certified_asterisk:18.9:cert8-rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"D600B37E-94EA-48DE-B48E-871B3A983721\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sangoma:certified_asterisk:18.9:cert9:*:*:*:*:*:*\",\"matchCriteriaId\":\"2FC3A00E-D1C6-467F-8FE7-E8437A527B3C\"}]}]}],\"references\":[{\"url\":\"https://github.com/asterisk/asterisk/commit/0278f5bde14565c6838a6ec39bc21aee0cde56a9\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/asterisk/asterisk/commit/eafcd7a451dcd007dddf324ac37dd55a4808338d\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/asterisk/asterisk/pull/1405\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/asterisk/asterisk/pull/1406\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/asterisk/asterisk/security/advisories/GHSA-557q-795j-wfx2\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2025/10/msg00006.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://lists.debian.org/debian-lts-announce/2025/10/msg00006.html\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2025-11-03T17:45:15.011Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-54995\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-08-28T18:53:35.935192Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-08-28T18:54:17.173Z\"}}], \"cna\": {\"title\": \"Asterisk remotely exploitable leak of RTP UDP ports and internal resources\", \"source\": {\"advisory\": \"GHSA-557q-795j-wfx2\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 6.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"NONE\"}}], \"affected\": [{\"vendor\": \"asterisk\", \"product\": \"asterisk\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 18.26.4\"}, {\"status\": \"affected\", \"version\": \"\u003c 18.9-cert17\"}]}], \"references\": [{\"url\": \"https://github.com/asterisk/asterisk/security/advisories/GHSA-557q-795j-wfx2\", \"name\": \"https://github.com/asterisk/asterisk/security/advisories/GHSA-557q-795j-wfx2\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/asterisk/asterisk/pull/1405\", \"name\": \"https://github.com/asterisk/asterisk/pull/1405\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/asterisk/asterisk/pull/1406\", \"name\": \"https://github.com/asterisk/asterisk/pull/1406\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/asterisk/asterisk/commit/0278f5bde14565c6838a6ec39bc21aee0cde56a9\", \"name\": \"https://github.com/asterisk/asterisk/commit/0278f5bde14565c6838a6ec39bc21aee0cde56a9\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/asterisk/asterisk/commit/eafcd7a451dcd007dddf324ac37dd55a4808338d\", \"name\": \"https://github.com/asterisk/asterisk/commit/eafcd7a451dcd007dddf324ac37dd55a4808338d\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 18.26.4 and 18.9-cert17, RTP UDP ports and internal resources can leak due to a lack of session termination. This could result in leaks and resource exhaustion. This issue has been patched in versions 18.26.4 and 18.9-cert17.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-1286\", \"description\": \"CWE-1286: Improper Validation of Syntactic Correctness of Input\"}]}, {\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-400\", \"description\": \"CWE-400: Uncontrolled Resource Consumption\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2025-08-28T15:08:04.468Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-54995\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-11-03T17:45:15.011Z\", \"dateReserved\": \"2025-08-04T17:34:24.420Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2025-08-28T15:08:04.468Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…