CVE-2025-1131

Name of the Vulnerable Software and Affected Versions Asterisk toolkit (affected versions not specified)

Description A local privilege escalation issue exists in the safe asterisk script. When Asterisk starts using this script, it executes all .sh files in the /etc/asterisk/startup.d/ directory as root without verifying ownership or permissions. Users with write access to /etc/asterisk can place malicious scripts in the startup.d directory, which will then run with root privileges when the service restarts.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.