Login Sign Up

CVE-2025-57767

7.5 HIGH
Denial of Service

📋 TL;DR

This vulnerability in Asterisk allows remote attackers to cause a denial of service (crash) by sending specially crafted SIP requests with malformed Authorization headers. The crash occurs due to a NULL pointer dereference when processing authentication realms. All Asterisk installations using affected versions are vulnerable if they handle SIP traffic.

💻 Affected Systems

Products:
  • Asterisk
Versions: All versions prior to 20.15.2, 21.10.2, and 22.5.2
Operating Systems: All operating systems running Asterisk
Default Config Vulnerable: ⚠️ Yes
Notes: Any Asterisk installation with SIP authentication enabled is vulnerable. The vulnerability is in the authentication module itself.

📦 What is this software?

Asterisk by Sangoma

View all CVEs affecting Asterisk →

Asterisk by Sangoma

View all CVEs affecting Asterisk →

Asterisk by Sangoma

View all CVEs affecting Asterisk →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote unauthenticated attacker causes Asterisk service crash, disrupting all telephony services until manual restart.

🟠

Likely Case

Denial of service affecting telephony services, potentially causing dropped calls and service disruption.

🟢

If Mitigated

No impact if patched versions are deployed or if vulnerable systems are not exposed to untrusted networks.

🌐 Internet-Facing: HIGH - Asterisk servers exposed to the internet can be crashed remotely without authentication.
🏢 Internal Only: MEDIUM - Internal attackers or compromised internal systems could exploit this to disrupt telephony services.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires sending a malformed SIP request, which is straightforward for attackers familiar with SIP protocol.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 20.15.2, 21.10.2, or 22.5.2 depending on your branch

Vendor Advisory: https://github.com/asterisk/asterisk/security/advisories/GHSA-64qc-9x89-rx5j

Restart Required: Yes

Instructions:

1. Identify your Asterisk version branch (20.x, 21.x, or 22.x). 2. Upgrade to the corresponding patched version: 20.15.2, 21.10.2, or 22.5.2. 3. Restart Asterisk service after upgrade.

🔧 Temporary Workarounds

No workarounds available

all

The vendor advisory states there are no workarounds for this vulnerability.

🧯 If You Can't Patch

  • Restrict network access to Asterisk SIP ports (default 5060/5061) to trusted sources only using firewall rules.
  • Implement network segmentation to isolate Asterisk servers from untrusted networks and potential attackers.

🔍 How to Verify

Check if Vulnerable:

Check Asterisk version with: asterisk -rx 'core show version'

Check Version:

asterisk -rx 'core show version'

Verify Fix Applied:

Verify version is 20.15.2, 21.10.2, or 22.5.2 or higher using: asterisk -rx 'core show version'

📡 Detection & Monitoring

Log Indicators:

  • Segmentation fault errors in Asterisk logs
  • Unexpected service crashes
  • Failed authentication attempts with malformed realms

Network Indicators:

  • SIP packets with Authorization headers containing unexpected realms
  • Multiple SIP requests to authentication endpoints

SIEM Query:

source="asterisk.log" AND ("segmentation fault" OR "SEGV" OR "crash" OR "authentication failed")

📊 Metadata

CVE ID: CVE-2025-57767
CVSS v3 Score: 7.5 (HIGH)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE: CWE-253
EPSS Score: 0.13% exploit probability (32.6th percentile)
Published: August 28, 2025
Last Updated: October 20, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-57767, you might also want to check these:

CVE-2023-4501 9.8

This critical authentication bypass vulnerability in OpenText COBOL products allows attackers to log...

Same vulnerability type (CWE-253)
CVE-2023-49286 8.6

Squid caching proxy versions before 6.5 contain an incorrect check of function return value bug in h...

Same vulnerability type (CWE-253)
CVE-2026-0648 7.8

This vulnerability allows attackers to cause denial-of-service or memory corruption by exhausting th...

Same vulnerability type (CWE-253)