cvedb.io
CVE-2025-1131
HIGH · CVSS 7.8
EPSS exploitation probability: 0%
Published 2025-09-23T05:15:35.603 · Last modified 2026-06-17T08:38:26.193

Summary

A local privilege escalation vulnerability exists in the safe_asterisk script included with the Asterisk toolkit package. When Asterisk is started via this script (common in SysV init or FreePBX environments), it sources all .sh files located in /etc/asterisk/startup.d/ as root, without validating ownership or permissions. Non-root users with legitimate write access to /etc/asterisk can exploit this behaviour by placing malicious scripts in the startup.d directory, which will then execute with root privileges upon service restart.

Affected products

sangoma — asterisk

Does this affect you?

Add your gear to cvedb and we'll alert you only when sangoma ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.