CVE-2025-47779

HIGH
Published May 22, 2025. Modified Nov 3, 2025. Weakness types: CWE-140, CWE-792.

Description

Asterisk is an open-source private branch exchange (PBX). Prior to versions 18.26.2, 20.14.1, 21.9.1, and 22.4.1 of Asterisk and versions 18.9-cert14 and 20.7-cert5 of certified-asterisk, authentication for SIP MESSAGE requests (RFC 3428) is not properly aligned with the sender identity asserted in the request. An authenticated attacker can therefore use their own authorization token to spoof any user identity and send spam messages to other users. Abuse of this issue allows authenticated attackers to send fake chat messages that appear to come from trusted entities. Even administrators who follow the project's Security best practices and Security Considerations can be impacted. Abuse can thus lead to spam and enable social engineering, phishing and similar attacks. Versions 18.26.2, 20.14.1, 21.9.1, and 22.4.1 of Asterisk and versions 18.9-cert14 and 20.7-cert5 of certified-asterisk fix the issue.

CVSS v3.1 Score

7.7
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N

Weakness Type (CWE)

CWE-140
CWE-792

Affected Products

Vendor   Product
sangoma  asterisk
sangoma  certified_asterisk

(Affected version ranges are listed in the Description above; the per-version rows of the original table were not preserved in this record.)

References

Frequently Asked Questions

What is CVE-2025-47779?
Asterisk is an open-source private branch exchange (PBX). Prior to versions 18.26.2, 20.14.1, 21.9.1, and 22.4.1 of Asterisk and versions 18.9-cert14 and 20.7-cert5 of certified-asterisk, authentication for SIP MESSAGE requests (RFC 3428) is not properly aligned with the sender identity asserted in the request, so an authenticated attacker can use their own authorization token to spoof any user identity and send messages that appear to come from trusted entities. This enables spam, social engineering, phishing and similar attacks, even where administrators follow the project's Security best practices and Security Considerations. Versions 18.26.2, 20.14.1, 21.9.1, and 22.4.1 of Asterisk and versions 18.9-cert14 and 20.7-cert5 of certified-asterisk fix the issue. It has a CVSS v3.1 base score of 7.7 (HIGH).
How severe is CVE-2025-47779?
CVE-2025-47779 has a CVSS v3.1 score of 7.7 out of 10, rated HIGH. This is a high-severity vulnerability that should be prioritized for patching.
What products are affected by CVE-2025-47779?
CVE-2025-47779 affects products from sangoma, specifically asterisk and certified_asterisk. See the Description above for the affected and fixed version ranges.
How do I check if I'm vulnerable to CVE-2025-47779?
You can use Secably's free Website Scanner to check your website for known vulnerabilities. For infrastructure scanning, use the Port Scanner to identify exposed services that may be affected. Check the vendor advisories linked above for specific patch and version information.
