{"id":85871,"date":"2025-11-18T09:32:39","date_gmt":"2025-11-18T09:32:39","guid":{"rendered":""},"modified":"-0001-11-30T00:00:00","modified_gmt":"-0001-11-30T06:00:00","slug":"cve-2025-47779-spoofing-vulnerability-in-asterisk-s-sip-message-authentication","status":"publish","type":"post","link":"https:\/\/www.ameeba.com\/blog\/cve-2025-47779-spoofing-vulnerability-in-asterisk-s-sip-message-authentication\/","title":{"rendered":"<strong>CVE-2025-47779: Spoofing Vulnerability in Asterisk&#8217;s SIP Message Authentication<\/strong>"},"content":{"rendered":"<p><strong>Overview<\/strong><\/p>\n<p>This report details a significant vulnerability, CVE-2025-47779, found in various versions of Asterisk, an open-source private branch exchange (PBX) system. The vulnerability allows an attacker who already holds valid credentials for one SIP endpoint to send SIP MESSAGE requests that appear to come from any other user, because Asterisk authenticates the request but does not tie the identity claimed in it to the credentials that were verified. The direct impact is on the integrity of sender identity in Asterisk-based messaging; the practical consequence is convincing spam, phishing and social engineering delivered over a channel users tend to trust.<\/p>\n<p><strong>Vulnerability Summary<\/strong><\/p>\n<p>CVE ID: CVE-2025-47779<br \/>\nSeverity: High (7.7 CVSS Score)<br \/>\nAttack Vector: Network<br \/>\nPrivileges Required: Low (valid credentials for any one endpoint)<br \/>\nUser Interaction: None<br \/>\nImpact: Loss of sender-identity integrity in SIP messaging; enables spam, phishing and social engineering, and through those the disclosure of credentials or other sensitive data.<\/p>\n<p><strong>Affected Products<\/strong><\/p>\n<table>\n<thead>\n<tr><th>Product<\/th><th>Affected Versions<\/th><\/tr>\n<\/thead>\n<tbody>\n<tr><td>Asterisk<\/td><td>Prior to 18.26.2, 20.14.1, 21.9.1, and 22.4.1<\/td><\/tr>\n<tr><td>Certified-asterisk<\/td><td>Prior to 18.9-cert14 and 20.7-cert5<\/td><\/tr>\n<\/tbody>\n<\/table>\n<p><strong>How the Exploit Works<\/strong><\/p>\n<p>The flaw is in how Asterisk authenticates SIP MESSAGE requests. Asterisk challenges the sender and verifies the Digest credentials, but it does not bind the identity asserted in the request, the user in the From header, to the endpoint whose credentials were accepted. Anyone holding valid credentials for any endpoint on the system can therefore send a MESSAGE whose From header names an arbitrary user, and Asterisk delivers it as if that user had sent it. Because the request passed authentication, the recipient&#8217;s phone or client has no way to tell that anything is wrong, and a message that appears to come from a colleague, the help desk or an administrator is an effective carrier for spam, phishing links and social engineering.<\/p>\n<p><strong>Conceptual Example Code<\/strong><\/p>\n<p>Here is a conceptual example of a MESSAGE request that exploits the flaw. The credentials belong to the attacker&#8217;s own account, while the From header claims a different user; vulnerable versions do not refuse the request on that basis. Nonce and response are shown as placeholders.<\/p>\n<pre><code class=\"\" data-line=\"\">MESSAGE sip:victim@target.com SIP\/2.0\nVia: SIP\/2.0\/TCP attacker.com;branch=z9hG4bK776asdhds\nMax-Forwards: 70\nFrom: &quot;Spoofed User&quot; &lt;sip:spoofeduser@target.com&gt;;tag=1928301774\nTo: &lt;sip:victim@target.com&gt;\nCall-ID: 50000\nCSeq: 1 MESSAGE\nAuthorization: Digest username=&quot;attacker&quot;, realm=&quot;asterisk&quot;, nonce=&quot;...&quot;, uri=&quot;sip:victim@target.com&quot;, response=&quot;...&quot;\nContent-Type: text\/plain\nContent-Length: 29\n\nSpam message or phishing link<\/code><\/pre>\n<p><strong>Mitigation Guidance<\/strong><\/p>\n<p>Affected systems should apply the vendor-provided patch immediately. The fix is available in Asterisk 18.26.2, 20.14.1, 21.9.1 and 22.4.1, and in Certified-asterisk 18.9-cert14 and 20.7-cert5. 
Where patching must wait, note that a Web Application Firewall (WAF) does not help here: SIP is not HTTP, and a WAF never sees this traffic. Interim controls have to be SIP-aware. A session border controller or a SIP-aware firewall or IDS in front of Asterisk can drop or alert on MESSAGE requests whose From user differs from the username in the Authorization header, and can rate-limit MESSAGE traffic per source; if SIP messaging is not needed at all, MESSAGE handling can be switched off until the upgrade (on PJSIP deployments, by not loading res_pjsip_messaging). In any case, restrict which endpoints are allowed to send MESSAGE, issue credentials per device rather than sharing them, and review SIP logs for MESSAGE requests in which the From identity and the authenticating account disagree, since that mismatch is the footprint of this attack. None of this replaces the patch: the flaw is in Asterisk&#8217;s own request handling and is only removed by upgrading.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Overview This report details a significant vulnerability, CVE-2025-47779, found in various versions of Asterisk, an open-source private branch exchange (PBX) system. The vulnerability allows an attacker who already holds valid credentials for one SIP endpoint to send SIP MESSAGE requests that appear to come from any other user, because Asterisk authenticates the request but does [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"footnotes":""},"categories":[],"tags":[],"vendor":[],"product":[],"attack_vector":[],"asset_type":[],"severity":[],"exploit_status":[],"class_list":["post-85871","post","type-post","status-publish","format-standard","hentry"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts\/85871","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/comments?post=85871"}],"version-history":[{"count":0,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts\/85871\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/media?parent=85871"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2
\/categories?post=85871"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/tags?post=85871"},{"taxonomy":"vendor","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/vendor?post=85871"},{"taxonomy":"product","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/product?post=85871"},{"taxonomy":"attack_vector","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/attack_vector?post=85871"},{"taxonomy":"asset_type","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/asset_type?post=85871"},{"taxonomy":"severity","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/severity?post=85871"},{"taxonomy":"exploit_status","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/exploit_status?post=85871"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
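Added example for the "How the Exploit Works" and "Conceptual Example Code" sections of the post above. This is editor-written illustration, not Asterisk code and not code from the original article: a small SIP request parser plus the identity-binding check that vulnerable versions lack, run over constructed MESSAGE requests (the spoofed one from the post, a legitimate one, the same spoof using the RFC 3261 compact "f:" header, and one with no credentials). It assumes endpoints are named after their Digest username and that the digest response was already verified upstream; hostnames, nonces, response values and message bodies are made up.

```python
"""Bind the identity a SIP MESSAGE asserts (From) to the credential that
authenticated it (Authorization username). Added illustration, not Asterisk
code: it models the check the article describes as missing in vulnerable
versions. Assumes endpoints are named after their digest username and that the
digest itself (nonce/response) was verified before this runs. Samples are constructed."""
import re
from dataclasses import dataclass, field

# RFC 3261 compact header names: a lookup keyed only on "from" would let an
# attacker hide the spoofed identity behind "f:".
COMPACT = {"f": "from", "t": "to", "v": "via", "i": "call-id",
           "c": "content-type", "l": "content-length", "m": "contact"}

@dataclass
class SipRequest:
    method: str
    request_uri: str
    headers: dict = field(default_factory=dict)  # lowercase name -> [values]
    body: str = ""

    def header(self, name):
        values = self.headers.get(name.lower())
        return values[0] if values else None

def parse_sip_request(raw):
    """Split a SIP request (CRLF or LF) into request line, headers and body,
    unfolding continuation lines and expanding compact header names."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    lines = head.split("\n")
    method, request_uri, version = lines[0].split(" ", 2)
    if version.strip() != "SIP/2.0":
        raise ValueError(f"unsupported version {version!r}")
    req = SipRequest(method.upper(), request_uri, body=body)
    last = None
    for line in lines[1:]:
        if line[:1] in (" ", "\t") and last:  # folded continuation line
            req.headers[last][-1] += " " + line.strip()
            continue
        name, _, value = line.partition(":")
        last = COMPACT.get(name.strip().lower(), name.strip().lower())
        req.headers.setdefault(last, []).append(value.strip())
    return req

def uri_user(header_value):
    """User part of the URI in a From/To header. The <sip:user@host> form is
    preferred, so display-name text containing 'sip:...' cannot mislead it."""
    m = re.search(r"<(sips?:[^>]*)>", header_value)
    uri = m.group(1) if m else header_value.split(";", 1)[0].strip()
    m = re.match(r"sips?:([^@;]+)@", uri)
    return m.group(1) if m else None

def digest_username(auth_value):
    """username= parameter of a Digest credential, quoted or bare."""
    m = (re.search(r'\busername\s*=\s*"([^"]*)"', auth_value, re.I)
         or re.search(r"\busername\s*=\s*([^,\s]+)", auth_value, re.I))
    return m.group(1) if m else None

def check_message_identity(raw):
    """Inbound MESSAGE policy: Digest credentials required and the From user
    must equal the authenticated username (case-sensitive, RFC 3261 19.1.4).
    Returns (verdict, reason) with verdict 'accept' or 'reject'."""
    req = parse_sip_request(raw)
    if req.method != "MESSAGE":
        return "accept", "not a MESSAGE request; identity policy not applied"
    auth = req.header("Authorization") or ""
    if not auth.lower().startswith("digest"):
        return "reject", "MESSAGE without Digest credentials"
    authenticated = digest_username(auth)
    asserted = uri_user(req.header("From") or "")
    if not authenticated or not asserted:
        return "reject", "cannot determine authenticated or asserted identity"
    if asserted != authenticated:
        return "reject", f"From user {asserted!r} != authenticated user {authenticated!r}"
    return "accept", f"From identity bound to authenticated user {authenticated!r}"

def build_message(from_user, auth_user, body, from_header="From"):
    """Constructed MESSAGE for the samples below (not a capture); auth_user=None
    omits credentials, nonce/response are placeholders, not valid digests."""
    auth = "" if auth_user is None else (
        f'Authorization: Digest username="{auth_user}", realm="asterisk", '
        'nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093", uri="sip:victim@target.com", '
        'response="6629fae49393a05397450978507c4ef1"\r\n')
    return ("MESSAGE sip:victim@target.com SIP/2.0\r\n"
            "Via: SIP/2.0/TCP attacker.example;branch=z9hG4bK776asdhds\r\n"
            "Max-Forwards: 70\r\n"
            f'{from_header}: "{from_user}" <sip:{from_user}@target.com>;tag=1928301774\r\n'
            "To: <sip:victim@target.com>\r\nCall-ID: 50000@attacker.example\r\n"
            f"CSeq: 1 MESSAGE\r\n{auth}Content-Type: text/plain\r\n"
            f"Content-Length: {len(body.encode())}\r\n\r\n{body}")

# The article's scenario: valid credentials for "attacker", From claims someone else.
SPOOFED = build_message("spoofeduser", "attacker", "Your PIN expired, reply with it now")
LEGITIMATE = build_message("alice", "alice", "Lunch at 12?")
COMPACT_SPOOF = build_message("spoofeduser", "attacker", "Same spoof, f: header", "f")
UNAUTHENTICATED = build_message("spoofeduser", None, "No credentials at all")

if __name__ == "__main__":
    for label, msg in [("spoofed", SPOOFED), ("legitimate", LEGITIMATE),
                       ("compact spoof", COMPACT_SPOOF), ("unauthenticated", UNAUTHENTICATED)]:
        print(f"{label:15} {' '.join(check_message_identity(msg))}")
```

The same comparison, From user against Authorization username, is what a SIP-aware SBC or IDS rule would apply in front of an unpatched Asterisk, and it is the condition to grep for in SIP traces when hunting for past abuse: a rejected MESSAGE here is exactly the request a vulnerable version would have delivered.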