PT-2025-31568 · Asterisk+2

Wtfismyip · Published 2025-07-31 · Updated 2025-09-29 · CVE-2025-49832

CVSS v3.1: 6.5 Medium

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Asterisk versions 18.26.2 and earlier
Asterisk versions 20.00.0 through 20.15.0
Asterisk version 20.7-cert6
Asterisk version 21.00.0
Asterisk versions 22.00.0 through 22.5.0

Description

Asterisk is an open source private branch exchange and telephony toolkit. A remote Denial of Service (DoS) and potential Remote Code Execution (RCE) condition exists in asterisk/res/res_stir_shaken/verification.c when an attacker can set an arbitrary Identity header, or STIR/SHAKEN is enabled with verification set in the associated SIP profile.

Recommendations

Update to Asterisk version 18.26.3 or later.
Update to Asterisk version 20.7-cert6 or later.
Update to Asterisk version 20.15.1 or later.
Update to Asterisk version 21.10.1 or later.
Update to Asterisk version 22.5.1 or later.

Exploit

Fix

DoS

RCE

NULL Pointer Dereference

Weakness Enumeration

Related Identifiers

ALT-PU-2025-11102
CVE-2025-49832
GHSA-MRQ5-74J5-F5CR

Affected Products

Alt Linux
Asterisk
Debian