Asterisk · Asterisk · CVE-2025-49832
**Name of the Vulnerable Software and Affected Versions**
Asterisk versions 18.26.2 and earlier
Asterisk versions 20.00.0 through 20.15.0
Asterisk version 20.7-cert6
Asterisk version 21.00.0
Asterisk versions 22.00.0 through 22.5.0
**Description**
Asterisk is an open source private branch exchange and telephony toolkit. A remote Denial of Service (DoS) and potential Remote Code Execution (RCE) condition exists in `asterisk/res/res_stir_shaken/verification.c` when an attacker can set an arbitrary Identity header, or STIR/SHAKEN is enabled with verification set in the associated SIP profile.
**Recommendations**
Update to Asterisk version 18.26.3 or later.
Update to Asterisk version 20.7-cert6 or later.
Update to Asterisk version 20.15.1 or later.
Update to Asterisk version 21.10.1 or later.
Update to Asterisk version 22.5.1 or later.