CVE-2025-54995

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-54995
Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 18.26.4 and 18.9-cert17, RTP UDP ports and internal resources can leak due to a lack of session termination. This could result in leaks and resource exhaustion. This issue has been patched in versions 18.26.4 and 18.9-cert17.

6.5 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://github.com/asterisk/asterisk/commit/0278f5bde14565c6838a6ec39bc21aee0cde56a9 Patch
https://github.com/asterisk/asterisk/commit/eafcd7a451dcd007dddf324ac37dd55a4808338d Patch
https://github.com/asterisk/asterisk/pull/1405 Issue Tracking
https://github.com/asterisk/asterisk/pull/1406 Issue Tracking
https://github.com/asterisk/asterisk/security/advisories/GHSA-557q-795j-wfx2 Exploit Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:sangoma:asterisk:*:*:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:*:*:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:18.9:cert1:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:18.9:cert1-rc1:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:18.9:cert10:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:18.9:cert11:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:18.9:cert12:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:18.9:cert13:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:18.9:cert14:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:18.9:cert15:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:18.9:cert16:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:18.9:cert2:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:18.9:cert3:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:18.9:cert4:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:18.9:cert5:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:18.9:cert6:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:18.9:cert7:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:18.9:cert8:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:18.9:cert8-rc1:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:18.9:cert8-rc2:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:18.9:cert9:*:*:*:*:*:*
History

20 Oct 2025, 15:26

Type Values Removed Values Added
CPE cpe:2.3:a:sangoma:certified_asterisk:18.9:cert10:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:18.9:cert12:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:18.9:cert1:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:18.9:cert15:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:18.9:cert9:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:18.9:cert7:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:18.9:cert2:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:18.9:cert8-rc1:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:18.9:cert13:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:18.9:cert8:*:*:*:*:*:*
cpe:2.3:a:sangoma:asterisk:*:*:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:18.9:cert8-rc2:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:18.9:cert3:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:18.9:cert6:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:18.9:cert5:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:18.9:cert16:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:18.9:cert11:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:18.9:cert1-rc1:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:18.9:cert14:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:18.9:cert4:*:*:*:*:*:*
cpe:2.3:a:sangoma:certified_asterisk:*:*:*:*:*:*:*:*
First Time Sangoma asterisk
Sangoma
Sangoma certified Asterisk
References () https://github.com/asterisk/asterisk/commit/0278f5bde14565c6838a6ec39bc21aee0cde56a9 - () https://github.com/asterisk/asterisk/commit/0278f5bde14565c6838a6ec39bc21aee0cde56a9 - Patch
References () https://github.com/asterisk/asterisk/commit/eafcd7a451dcd007dddf324ac37dd55a4808338d - () https://github.com/asterisk/asterisk/commit/eafcd7a451dcd007dddf324ac37dd55a4808338d - Patch
References () https://github.com/asterisk/asterisk/pull/1405 - () https://github.com/asterisk/asterisk/pull/1405 - Issue Tracking
References () https://github.com/asterisk/asterisk/pull/1406 - () https://github.com/asterisk/asterisk/pull/1406 - Issue Tracking
References () https://github.com/asterisk/asterisk/security/advisories/GHSA-557q-795j-wfx2 - () https://github.com/asterisk/asterisk/security/advisories/GHSA-557q-795j-wfx2 - Exploit, Vendor Advisory

28 Aug 2025, 15:16

Type Values Removed Values Added
New CVE
Information

Published : 2025-08-28 15:16

Updated : 2025-10-20 15:26

NVD link : CVE-2025-54995

Mitre link : CVE-2025-54995

CVE.ORG link : CVE-2025-54995

JSON object : View

Products Affected

sangoma

  • certified_asterisk
  • asterisk
CWE
CWE-400

Uncontrolled Resource Consumption

CWE-1286

Improper Validation of Syntactic Correctness of Input