PT-2025-35096 · Asterisk +1 · Asterisk +1

Alexat

Published

2025-08-28

Updated

2025-08-29

CVE-2025-54995

Report an issue

CVSS v3.1

6.5

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions:

Asterisk versions prior to 18.26.4

Asterisk versions prior to 18.9-cert17

Description:

Asterisk, an open source private branch exchange and telephony toolkit, is susceptible to resource exhaustion due to a lack of session termination. This can lead to leaks of RTP UDP ports and internal resources.

Recommendations:

Update Asterisk to version 18.26.4 or later.

Update Asterisk to version 18.9-cert17 or later.

Fix

Resource Exhaustion

Weakness Enumeration

CWE-1286CWE-400

Related Identifiers

CVE-2025-54995

GHSA-557Q-795J-WFX2

Affected Products

Asterisk

Debian

PT-2025-35096 · Asterisk +1 · Asterisk +1

Weakness Enumeration

Related Identifiers

Affected Products

References · 13