CNNVD-202509-3733 Information

CNNVD ID

CNNVD-202509-3733

CVE-2025-1131

  • CNNVD Published: 2025-09-23

Description

Asterisk is open-source PBX software from Asterisk that runs on Linux and supports IP calls over the SIP, IAX and H323 protocols. Asterisk contains a security vulnerability that stems from a failure to verify the ownership or permissions of .sh files in the /etc/asterisk/startup.d directory, which may lead to local privilege escalation.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

Astium

Published

2025-09-23

Last Modified

2026-02-24

References

https://github.com/asterisk/asterisk/security/advisories/GHSA-v9q8-9j8m-5xwp

Patch

https://www.asterisk.org/downloads/
