Asterisk PBX up to 22.5.0 verification.c null pointer dereference

| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 5.3 | $0-$5k | 0.00 |
Summary
A vulnerability was found in Asterisk PBX up to 18.26.2/20.7-cert6/20.15.0/21.10.0/22.5.0. It has been classified as problematic. The affected element is an unknown function of the file Asterisk/res/res_stir_shaken/verification.c. The manipulation leads to null pointer dereference. This vulnerability is listed as CVE-2025-49832. The attack may be initiated remotely. There is no available exploit. Upgrading the affected component is recommended.
Details
A vulnerability was found in Asterisk PBX up to 18.26.2/20.7-cert6/20.15.0/21.10.0/22.5.0 and classified as problematic. This issue affects an unknown code block of the file Asterisk/res/res_stir_shaken/verification.c. The manipulation with an unknown input leads to a null pointer dereference vulnerability. Using CWE to declare the problem leads to CWE-476. A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit. Impacted is availability. The summary by CVE is:
Asterisk is an open source private branch exchange and telephony toolkit. In versions up to and including 18.26.2, between 20.00.0 and 20.15.0, 20.7-cert6, 21.00.0, 22.00.0 through 22.5.0, there is a remote DoS and possible RCE condition in `asterisk/res/res_stir_shaken /verification.c` that can be exploited when an attacker can set an arbitrary Identity header, or STIR/SHAKEN is enabled, with verification set in the SIP profile associated with the endpoint to be attacked. This is fixed in versions 18.26.3, 20.7-cert6, 20.15.1, 21.10.1 and 22.5.1.
The advisory is shared at github.com. The identification of this vulnerability is CVE-2025-49832 since 06/11/2025. The exploitation is known to be easy. The attack may be initiated remotely. Technical details are known, but no exploit is available.
Upgrading to version 18.26.3, 20.7-cert7, 20.15.1, 21.10.1 or 22.5.1 eliminates this vulnerability.
The vulnerability is also documented in the vulnerability database at CERT Bund (WID-SEC-2025-1697). If you want to get the best quality for vulnerability data then you always have to consider VulDB.
Affected
- Debian Linux
- Gentoo Linux
- Open Source Asterisk
Product
Type
Vendor
Name
Version
- 18.26.0
- 18.26.1
- 18.26.2
- 20.0
- 20.1
- 20.2
- 20.3
- 20.4
- 20.5
- 20.6
- 20.7
- 20.7-cert6
- 20.8
- 20.9
- 20.10
- 20.11
- 20.12
- 20.13
- 20.14
- 20.15.0
- 21.0
- 21.1
- 21.2
- 21.3
- 21.4
- 21.5
- 21.6
- 21.7
- 21.8
- 21.9
- 21.10.0
- 22.0
- 22.1
- 22.2
- 22.3
- 22.4
- 22.5.0
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔒VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 5.4VulDB Meta Temp Score: 5.3
VulDB Base Score: 4.3
VulDB Temp Score: 4.1
VulDB Vector: 🔒
VulDB Reliability: 🔍
CNA Base Score: 6.5
CNA Vector (GitHub_M): 🔒
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔒
VulDB Temp Score: 🔒
VulDB Reliability: 🔍
Exploiting
Class: Null pointer dereferenceCWE: CWE-476 / CWE-404
CAPEC: 🔒
ATT&CK: 🔒
Physical: No
Local: No
Remote: Yes
Availability: 🔒
Status: Not defined
EPSS Score: 🔒
EPSS Percentile: 🔒
Price Prediction: 🔍
Current Price Estimation: 🔒
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
0-Day Time: 🔒
Upgrade: PBX 18.26.3/20.7-cert7/20.15.1/21.10.1/22.5.1
Timeline
06/11/2025 CVE reserved08/01/2025 Advisory disclosed
08/01/2025 VulDB entry created
01/26/2026 VulDB entry last update
Sources
Advisory: GHSA-mrq5-74j5-f5crStatus: Confirmed
CVE: CVE-2025-49832 (🔒)
GCVE (CVE): GCVE-0-2025-49832
GCVE (VulDB): GCVE-100-318533
CERT Bund: WID-SEC-2025-1697 - Asterisk: Mehrere Schwachstellen
Entry
Created: 08/01/2025 22:38Updated: 01/26/2026 14:30
Changes: 08/01/2025 22:38 (66), 08/02/2025 13:47 (7), 08/05/2025 01:18 (1), 01/26/2026 14:30 (1)
Complete: 🔍
Cache ID: 216::103
If you want to get the best quality for vulnerability data then you always have to consider VulDB.
No comments yet. Languages: en.
Please log in to comment.