{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-21T01:59:15.384","vulnerabilities":[{"cve":{"id":"CVE-2025-49832","sourceIdentifier":"security-advisories@github.com","published":"2025-08-01T18:15:52.667","lastModified":"2025-08-25T17:42:27.407","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Asterisk is an open source private branch exchange and telephony toolkit. In versions up to and including 18.26.2, between 20.00.0 and 20.15.0, 20.7-cert6, 21.00.0, 22.00.0 through 22.5.0, there is a remote DoS and possible RCE condition in `asterisk/res/res_stir_shaken/verification.c` that can be exploited when an attacker can set an arbitrary Identity header, or STIR/SHAKEN is enabled, with verification set in the SIP profile associated with the endpoint to be attacked. This is fixed in versions 18.26.3, 20.7-cert6, 20.15.1, 21.10.1 and 22.5.1."},{"lang":"es","value":"Asterisk es un kit de herramientas de telefonía y centralitas privadas de código abierto. En las versiones hasta la 18.26.2 (incluida), entre las 20.00.0 y 20.15.0, 20.7-cert6, 21.00.0 y 22.00.0 a 22.5.0, existe una condición de denegación de servicio (DoS) remota y un posible RCE en `asterisk/res/res_stir_shaken/verification.c` que puede explotarse cuando un atacante puede configurar un encabezado de identidad arbitrario, o si STIR/SHAKEN está habilitado, con la verificación configurada en el perfil SIP asociado al endpoint atacado. \nEsto se ha corregido en las versiones 18.26.3, 20.7-cert6, 20.15.1, 21.10.1 y 22.5.1."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:sangoma:asterisk:*:*:*:*:*:*:*:*","versionEndExcluding":"18.26.3","matchCriteriaId":"A99F7956-1812-47C7-9649-C889E5A296EB"},{"vulnerable":true,"criteria":"cpe:2.3:a:sangoma:asterisk:*:*:*:*:*:*:*:*","versionStartIncluding":"20.0.0","versionEndExcluding":"20.15.1","matchCriteriaId":"A3AD4D76-AF85-414E-8C6D-6C505D8D58D3"},{"vulnerable":true,"criteria":"cpe:2.3:a:sangoma:asterisk:*:*:*:*:*:*:*:*","versionStartIncluding":"21.0.0","versionEndExcluding":"21.10.1","matchCriteriaId":"D23AFE39-A2E8-45EE-9F0B-3A96731299FD"},{"vulnerable":true,"criteria":"cpe:2.3:a:sangoma:asterisk:*:*:*:*:*:*:*:*","versionStartIncluding":"22.0.0","versionEndExcluding":"22.5.1","matchCriteriaId":"FFA121CE-5F37-4731-A1FA-B83F7E1AD845"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":
[{"vulnerable":true,"criteria":"cpe:2.3:a:sangoma:certified_asterisk:*:*:*:*:*:*:*:*","versionEndIncluding":"18.9","matchCriteriaId":"44460225-C50D-414A-A2E0-F8280E1C1E1D"},{"vulnerable":true,"criteria":"cpe:2.3:a:sangoma:certified_asterisk:20.7:cert1:*:*:*:*:*:*","matchCriteriaId":"79225576-AF7C-4099-9624-C53578A7417F"},{"vulnerable":true,"criteria":"cpe:2.3:a:sangoma:certified_asterisk:20.7:cert1-rc1:*:*:*:*:*:*","matchCriteriaId":"29323E6E-12C9-46C7-B29C-25E0CD537A8E"},{"vulnerable":true,"criteria":"cpe:2.3:a:sangoma:certified_asterisk:20.7:cert1-rc2:*:*:*:*:*:*","matchCriteriaId":"8E563972-78C0-40A0-83EA-6A3BA3D71946"},{"vulnerable":true,"criteria":"cpe:2.3:a:sangoma:certified_asterisk:20.7:cert2:*:*:*:*:*:*","matchCriteriaId":"64209621-D458-432A-B0E3-C8D0B6698574"},{"vulnerable":true,"criteria":"cpe:2.3:a:sangoma:certified_asterisk:20.7:cert3:*:*:*:*:*:*","matchCriteriaId":"B148158A-8354-41C2-A44C-2C0DAABAD217"},{"vulnerable":true,"criteria":"cpe:2.3:a:sangoma:certified_asterisk:20.7:cert4:*:*:*:*:*:*","matchCriteriaId":"3D4D96E8-1F01-42B8-9181-67DEB12D9DD2"},{"vulnerable":true,"criteria":"cpe:2.3:a:sangoma:certified_asterisk:20.7:cert5:*:*:*:*:*:*","matchCriteriaId":"50D1B02A-F5F9-48EB-A396-412821F5D602"},{"vulnerable":true,"criteria":"cpe:2.3:a:sangoma:certified_asterisk:20.7:cert6:*:*:*:*:*:*","matchCriteriaId":"4CBB2891-448F-4C4E-8A47-2283A8F71FE6"}]}]}],"references":[{"url":"https://github.com/asterisk/asterisk/security/advisories/GHSA-mrq5-74j5-f5cr","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]}]}}]}