Local Privilege Escalation Vulnerability in Asterisk Toolkit by Asterisk
CVE-2025-1131

7HIGH

Key Information:

Vendor: Asterisk
Status: Asterisk
Vendor: CVE Published:; 23 September 2025

What is CVE-2025-1131?

A local privilege escalation issue has been identified in the safe_asterisk script bundled within the Asterisk toolkit. When initiated, this script executes all .sh files located in the /etc/asterisk/startup.d/ directory as the root user, without confirming their ownership or permissions. This flaw can be exploited by non-root users who have legitimate write access to /etc/asterisk. By placing malicious scripts in the startup.d directory, attackers can have these scripts executed with root privileges upon a service restart, thereby compromising the system's integrity.

Affected Version(s)

Asterisk Linux Asterisk <=18.26.2 <= Asterisk 18.26.2

Asterisk Linux Asterisk <= 20.15.0 <= Asterisk 20.15.0

Asterisk Linux Asterisk <= 21.10.0 <= Asterisk 21.10.0

References

https://github.com/asterisk/asterisk/security/advisories/...

CVSS V4

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 23, 2025
Vulnerability Reserved
Feb 8, 2025

Credit

Abdul Mhanni

JSON