CVE-2025-69205

MEDIUM
Published Dec 29, 2025 Modified Apr 15, 2026 CWE-20 CWE-74

Description

Micro Registration Utility (µURU) is a telephone self registration utility based on asterisk. In versions up to and including commit 88db9a953f38a3026bcd6816d51c7f3b93c55893, an attacker can crafts a special federation name and characters treated special by asterisk can be injected into the `Dial( )` application due to improper input validation. This allows an attacker to redirect calls on both of the federating instances. If the attack succeeds, the impact is very high. However, the requires that an admin accept the federation requests. As of time of publication, a known patched version of µURU is not available.

CVSS v3.1 Score

6.3
MEDIUM
CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

Weakness Type (CWE)

CWE-20 Improper Input Validation
CWE-74 CWE-74

References

Frequently Asked Questions

What is CVE-2025-69205? +
Micro Registration Utility (µURU) is a telephone self registration utility based on asterisk. In versions up to and including commit 88db9a953f38a3026bcd6816d51c7f3b93c55893, an attacker can crafts a special federation name and characters treated special by asterisk can be injected into the `Dial( )` application due to improper input validation. This allows an attacker to redirect calls on both of the federating instances. If the attack succeeds, the impact is very high. However, the requires that an admin accept the federation requests. As of time of publication, a known patched version of µURU is not available. It has a CVSS v3.1 base score of 6.3 (MEDIUM).
How severe is CVE-2025-69205? +
CVE-2025-69205 has a CVSS v3.1 score of 6.3 out of 10, rated MEDIUM. This is a medium-severity vulnerability that should be remediated as part of regular maintenance.
How do I check if I'm vulnerable to CVE-2025-69205? +
You can use Secably's free Website Scanner to check your website for known vulnerabilities. For infrastructure scanning, use the Port Scanner to identify exposed services that may be affected. Check the vendor advisories linked above for specific patch and version information.

Related Vulnerabilities

CVE-2025-13826

Zervit's portable HTTP/web server is vulnerable to remote DoS attacks when a configuration reset request is made. The vulnerability is …
CVE-2026-44522

Note Mark is an open-source note-taking application. From 0.13.0 to before 0.19.4, the Note Mark application allows authenticated users to …
CVE-2024-54011

Penetration Testing engineers at Amazon have discovered a flaw where the camera system fails to properly handle data supplied in …
CVE-2026-6409

A Denial of Service (DoS) vulnerability exists in the Protobuf PHP library during the parsing of untrusted input. Maliciously structured …
CVE-2026-3294

An authentication logic vulnerability in multiple TP-Link range extenders allows an unauthenticated attacker on an adjacent network to manipulate a …
CVE-2025-23202

Bible Module is a tool designed for ROBLOX developers to integrate Bible functionality into their games. The `FetchVerse` and `FetchPassage` …

Don't wait for an exploit

Scan your website for vulnerabilities like CVE-2025-69205 — free, no signup required.

Start Free Scan