CVE-2025-49832

6.5 MEDIUM

📋 TL;DR

Asterisk has a vulnerability in its STIR/SHAKEN verification module that allows remote attackers to cause denial of service or potentially execute arbitrary code. This affects Asterisk installations with STIR/SHAKEN enabled or where attackers can set arbitrary Identity headers. Systems running vulnerable versions of Asterisk are at risk.

💻 Affected Systems

Products:
  • Asterisk
Versions: Up to and including 18.26.2, between 20.00.0 and 20.15.0, 20.7-cert6, 21.00.0, 22.00.0 through 22.5.0
Operating Systems: All platforms running Asterisk
Default Config Vulnerable: ✅ No
Notes: Only vulnerable when STIR/SHAKEN is enabled with verification set in SIP profile, or when attackers can set arbitrary Identity headers

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution leading to complete system compromise and data exfiltration

🟠 Likely Case: Remote denial of service causing telephony service disruption

🟢 If Mitigated: Limited impact with proper network segmentation and access controls

🌐 Internet-Facing: HIGH - Asterisk servers exposed to the internet are directly vulnerable to remote exploitation
🏢 Internal Only: MEDIUM - Internal attackers or compromised internal systems could exploit this vulnerability

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires ability to set arbitrary Identity headers or STIR/SHAKEN enabled with verification configured

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 18.26.3, 20.7-cert6, 20.15.1, 21.10.1, 22.5.1

Vendor Advisory: https://github.com/asterisk/asterisk/security/advisories/GHSA-mrq5-74j5-f5cr

Restart Required: Yes

Instructions:

1. Identify your Asterisk version.
2. Upgrade to the patched version for your branch.
3. Restart the Asterisk service.
4. Verify the fix is applied.

🔧 Temporary Workarounds

Disable STIR/SHAKEN verification (applies to: all)

Temporarily disable STIR/SHAKEN verification in SIP profiles if it is not required.

Edit sip.conf or the relevant configuration file and set 'stir_shaken_verification = no' in the affected profiles.

Restrict Identity header manipulation (applies to: all)

Implement SIP header validation to prevent arbitrary Identity header manipulation.

Configure SIP firewall rules to validate and sanitize Identity headers.

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate Asterisk servers
  • Deploy SIP-aware firewalls to filter and validate Identity headers

🔍 How to Verify

Check if Vulnerable:

Check the Asterisk version and confirm whether STIR/SHAKEN is enabled with verification configured in the SIP profiles.

Check Version:

asterisk -V

Verify Fix Applied:

Confirm that the running Asterisk version is at or above the patched release for its branch, then test STIR/SHAKEN functionality.
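The version check above is easy to get wrong by hand because each branch has its own fixed release. The following script is an added example (not part of this advisory or of the Asterisk project) that parses the output of `asterisk -V` and compares it against the patch versions listed under Official Fix. It assumes the branch table is exactly the one on this page and, for the certified branch, that 20.7-cert6 is the fixed release as the Patch Version line states; branches the page does not list (for example 19.x) are reported as unknown rather than guessed.

```python
import re
import subprocess
from typing import Optional, Tuple

# Fixed releases per branch, taken from this advisory's "Patch Version" line.
FIXED = {
    18: (18, 26, 3),
    20: (20, 15, 1),
    21: (21, 10, 1),
    22: (22, 5, 1),
}
# Certified branch: base version 20.7, fixed at cert6 (assumption drawn from the Official Fix list).
FIXED_CERT_BASE = (20, 7)
FIXED_CERT_NUMBER = 6

# Matches "18.26.2", "20.14.0", "20.7-cert5" and distro-decorated strings such as "18.20.0~dfsg...".
_VERSION_RE = re.compile(r"(\d+)\.(\d+)(?:\.(\d+))?(?:-cert(\d+))?")


def parse_version(output: str) -> Tuple[int, int, int, Optional[int]]:
    """Parse `asterisk -V` output (e.g. "Asterisk 20.14.0") into
    (major, minor, patch, cert); cert is None for non-certified builds."""
    m = _VERSION_RE.search(output)
    if not m:
        raise ValueError(f"no Asterisk version found in: {output!r}")
    major, minor = int(m.group(1)), int(m.group(2))
    patch = int(m.group(3)) if m.group(3) else 0
    cert = int(m.group(4)) if m.group(4) else None
    return major, minor, patch, cert


def is_vulnerable(output: str) -> Optional[bool]:
    """True if the version falls in an affected range for CVE-2025-49832,
    False if it is at or above the fixed release for its branch,
    None if the branch is not covered by the advisory's version list."""
    major, minor, patch, cert = parse_version(output)
    if cert is not None:
        if (major, minor) != FIXED_CERT_BASE:
            return None
        return cert < FIXED_CERT_NUMBER
    if major < 18:
        # "Up to and including 18.26.2" covers every older (end-of-life) branch.
        return True
    fixed = FIXED.get(major)
    if fixed is None:
        return None
    return (major, minor, patch) < fixed


def describe(output: str) -> str:
    """Human-readable verdict for an `asterisk -V` string."""
    verdict = is_vulnerable(output)
    if verdict is None:
        return f"{output.strip()}: branch not listed in advisory, check vendor advisory"
    return f"{output.strip()}: {'VULNERABLE, upgrade required' if verdict else 'patched'}"


if __name__ == "__main__":
    # Run the same command the advisory's verification step uses.
    out = subprocess.run(["asterisk", "-V"], capture_output=True, text=True, check=True).stdout
    print(describe(out))
```

The verdict only covers the version; a patched version is not vulnerable, but a vulnerable version is exploitable only if STIR/SHAKEN verification is configured or an attacker can set arbitrary Identity headers, so pair this with a review of the SIP profile configuration.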

📡 Detection & Monitoring

Log Indicators:

  • Unusual SIP Identity header patterns
  • STIR/SHAKEN verification failures
  • Asterisk process crashes

Network Indicators:

  • Malformed SIP packets with manipulated Identity headers
  • Unusual traffic patterns to STIR/SHAKEN endpoints

SIEM Query:

source="asterisk" AND ("stir_shaken" OR "verification.c" OR "Identity header")

🔗 References