{"id":85871,"date":"2025-11-18T09:32:39","date_gmt":"2025-11-18T09:32:39","guid":{"rendered":""},"modified":"-0001-11-30T00:00:00","modified_gmt":"-0001-11-30T06:00:00","slug":"cve-2025-47779-spoofing-vulnerability-in-asterisk-s-sip-message-authentication","status":"publish","type":"post","link":"https:\/\/www.ameeba.com\/blog\/cve-2025-47779-spoofing-vulnerability-in-asterisk-s-sip-message-authentication\/","title":{"rendered":"<strong>CVE-2025-47779: Spoofing Vulnerability in Asterisk&#8217;s SIP Message Authentication<\/strong>"},"content":{"rendered":"<p><strong>Overview<\/strong><\/p>\n<p>This report details CVE-2025-47779, a vulnerability in several versions of Asterisk, an open-source private branch exchange (PBX) system. It allows an authenticated attacker to spoof user identities and send spam messages, because Asterisk&#8217;s authentication of Session Initiation Protocol (SIP) MESSAGE requests is not aligned with the identity a request claims. This threatens the integrity and confidentiality of communication systems built on Asterisk, since spoofed messages enable social engineering and phishing attacks.<\/p>\n<p><strong>Vulnerability Summary<\/strong><\/p>\n<p>CVE ID: CVE-2025-47779<br \/>\nSeverity: High (7.7 CVSS Score)<br \/>\nAttack Vector: Network<br \/>\nPrivileges Required: Low<br \/>\nUser Interaction: None<br \/>\nImpact: Compromise of system integrity, potential data leakage, and possibility of spam, phishing, and social engineering attacks.<\/p>\n<p><strong>Affected Products<\/strong><\/p>\n<table>\n<thead>\n<tr>\n<th>Product<\/th>\n<th>Affected Versions<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td>Asterisk<\/td>\n<td>Prior to 18.26.2, 20.14.1, 21.9.1, and 22.4.1<\/td>\n<\/tr>\n<tr>\n<td>Certified-asterisk<\/td>\n<td>Prior to 18.9-cert14 and 20.7-cert5<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p><strong>How the Exploit Works<\/strong><\/p>\n<p>The vulnerability lies in the SIP MESSAGE authentication method in Asterisk.
Because the check on MESSAGE requests does not tie the authenticated account to the identity asserted in the request, an authenticated attacker can craft a SIP MESSAGE that appears to come from any user. By impersonating trusted parties, the attacker can send spam messages to users under those identities, abusing their trust to launch phishing and social engineering attacks.<\/p>\n<p><strong>Conceptual Example Code<\/strong><\/p>\n<p>Here is a conceptual example of a SIP MESSAGE request that exercises the vulnerability. The Digest credentials belong to the account <code>attacker<\/code>, while the From header asserts a different user:<\/p>\n<pre><code class=\"\" data-line=\"\">MESSAGE sip:victim@target.com SIP\/2.0\nVia: SIP\/2.0\/TCP attacker.com;branch=z9hG4bK1928301774\nMax-Forwards: 70\nFrom: &quot;Spoofed User&quot; &lt;sip:spoofeduser@target.com&gt;;tag=1928301774\nTo: &lt;sip:victim@target.com&gt;\nCall-ID: 50000\nCSeq: 1 MESSAGE\nAuthorization: Digest username=&quot;attacker&quot;,realm=&quot;asterisk&quot;,nonce=&quot;...&quot;,uri=&quot;sip:victim@target.com&quot;,response=&quot;...&quot;\nContent-Type: text\/plain\nContent-Length: 29\n\nSpam message or phishing link<\/code><\/pre>\n<p><strong>Mitigation Guidance<\/strong><\/p>\n<p>Affected systems should apply the vendor-provided patch immediately. The fix is available in Asterisk 18.26.2, 20.14.1, 21.9.1, and 22.4.1, and in Certified-asterisk 18.9-cert14 and 20.7-cert5. As a temporary mitigation, a Web Application Firewall (WAF) or an Intrusion Detection System (IDS) can help detect and block malicious traffic.
However, these are not long-term solutions, as the vulnerability is inherent to the system and needs to be patched.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Overview This report details a significant vulnerability, CVE-2025-47779, found in various versions of Asterisk, an open-source private branch exchange (PBX) system. The vulnerability can potentially allow an authenticated attacker to spoof user identities and send spam messages by exploiting the misalignment in the MESSAGE authentication of Asterisk&#8217;s Session Initiation Protocol (SIP). This poses a serious [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"footnotes":""},"categories":[],"tags":[],"vendor":[],"product":[],"attack_vector":[],"asset_type":[],"severity":[],"exploit_status":[],"class_list":["post-85871","post","type-post","status-publish","format-standard","hentry"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts\/85871","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/comments?post=85871"}],"version-history":[{"count":0,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts\/85871\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/media?parent=85871"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/categories?post=85871"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/tags?post=85871"},{"taxonom
y":"vendor","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/vendor?post=85871"},{"taxonomy":"product","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/product?post=85871"},{"taxonomy":"attack_vector","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/attack_vector?post=85871"},{"taxonomy":"asset_type","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/asset_type?post=85871"},{"taxonomy":"severity","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/severity?post=85871"},{"taxonomy":"exploit_status","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/exploit_status?post=85871"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}