CVE-2025-69205

CVSS v3.1

6.3

Medium

Vector

AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Micro Registration Utility (µURU) versions up to and including commit 88db9a953f38a3026bcd6816d51c7f3b93c55893

Description The Micro Registration Utility (µURU), a telephone self registration utility based on asterisk, contains a flaw due to improper input validation. An attacker can craft a specific federation name, injecting characters treated specially by asterisk into the Dial() application. This allows redirection of calls on both federating instances. Successful exploitation requires an administrator to accept federation requests.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Special Elements Injection

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-74CWE-20

Related Identifiers

CVE-2025-69205

GHSA-XVRH-PM3F-79V4

Affected Products

Micro Registration Utility

Asterisk

CVE-2025-69205

Weakness Enumeration

Related Identifiers

Affected Products

References · 8