CVE-2025-47779

Name of the Vulnerable Software and Affected Versions Asterisk versions prior to 18.26.2 Asterisk versions prior to 20.14.1 Asterisk versions prior to 21.9.1 Asterisk versions prior to 22.4.1 certified-asterisk versions prior to 18.9-cert14 certified-asterisk versions prior to 20.7-cert5

Description Asterisk is an open-source private branch exchange (PBX) that has a security issue where SIP requests of the type MESSAGE (RFC 3428) authentication do not get proper alignment. An authenticated attacker can spoof any user identity to send spam messages to the user with their authorization token. This can lead to spam and enable social engineering, phishing, and similar attacks.

Recommendations For Asterisk versions prior to 18.26.2, update to version 18.26.2 or later. For Asterisk versions prior to 20.14.1, update to version 20.14.1 or later. For Asterisk versions prior to 21.9.1, update to version 21.9.1 or later. For Asterisk versions prior to 22.4.1, update to version 22.4.1 or later. For certified-asterisk versions prior to 18.9-cert14, update to version 18.9-cert14 or later. For certified-asterisk versions prior to 20.7-cert5, update to version 20.7-cert5 or later.