CVE-2025-1131
Publication date 23 September 2025
Last updated 24 September 2025
Ubuntu priority
Description
A local privilege escalation vulnerability exists in the safe_asterisk script included with the Asterisk toolkit package. When Asterisk is started via this script (common in SysV init or FreePBX environments), it sources all .sh files located in /etc/asterisk/startup.d/ as root, without validating ownership or permissions. Non-root users with legitimate write access to /etc/asterisk can exploit this behaviour by placing malicious scripts in the startup.d directory, which will then execute with root privileges upon service restart.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| asterisk | 25.04 plucky |
Needs evaluation
|
| 24.04 LTS noble |
Needs evaluation
|
|
| 22.04 LTS jammy |
Needs evaluation
|
|
| 20.04 LTS focal |
Needs evaluation
|
|
| 18.04 LTS bionic |
Needs evaluation
|
|
| 16.04 LTS xenial |
Needs evaluation
|
References
Other references
- https://www.cve.org/CVERecord?id=CVE-2025-1131
- https://github.com/asterisk/asterisk/security/advisories/GHSA-v9q8-9j8m-5xwp
- https://github.com/asterisk/asterisk/commit/f97361952023625e8dd49ca03454777fad19fedb (23.0.0-pre1)
- https://github.com/asterisk/asterisk/commit/7ba06dc6ee5efd4edfe79690ad8d61a33b92ce3d (22.5.1)