Critical Vulnerability Information

Vulnerability Overview

Vulnerability Type: Identity spoofing via malformed From header, achieved by using ";" or NULL in the name part.
CVE ID: CVE-2025-47779
CVSS v3 Base Metrics: Severity score 7.7/10, attack vector network, attack complexity low, required privileges low, user interaction none, scope changed, confidentiality and integrity impact high, availability impact none.

Affected Versions

Affected Versions:
- <= 18.26.1
- <= 20.14.0
- <= 21.9.0
- <= 22.4.0
- <= 18.9-cert13
- <= 20.7-cert4

Fixed Versions:
- 18.26.2
- 20.14.1
- 21.9.1
- 22.4.1
- 18.9-cert14
- 20.7-cert5

Description

Issue: The MESSAGE (RFC 3428) authentication in SIP requests is not properly aligned in affected versions of Asterisk. An authenticated attacker can exploit their authorization token to impersonate any user and send spam messages to users.
Example: Sending a fake message using the "john" token, making it appear as if it originated from "admin".

Impact

Consequences: This security issue allows authenticated attackers to send fraudulent chat messages that can be disguised as originating from trusted entities. Even administrators following security best practices and precautions may be affected. Abuse of this vulnerability could lead to spam, social engineering, phishing, and other attacks.

POC (Proof of Concept)

Configuration: Configured pjsip.conf and extensions.conf files; detailed steps available in the example repository on GitHub.
Attack Process: The attacker sends a SIP message with a specific format; Asterisk mishandles the delimiter ";", resulting in identity spoofing.

Acknowledgments

Reporter: Qi Wang (Tsinghua University & Zhongguancun Lab) @P3ngu1nW
Discoverer: Jingcheng Yang (Tsinghua University) @Ek1Xu
Coordinator: Jianjun Chen (Tsinghua University & Zhongguancun Lab) @chenjj
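An added example, not part of the advisory or the Asterisk project: an audit check for captured SIP MESSAGE requests that flags the From header conditions named in the Vulnerability Overview (";" or a NUL byte in the name part) and the "john" token appearing as "admin" case from the Description. The sample requests, the example.test domain and the function names are constructed for illustration; a ";" inside a quoted display name is legal SIP, so findings are leads to review, not proof of spoofing.

```python
import re

CRLF = "\r\n"

def make(from_value, auth_user="john"):
    # Build a constructed SIP MESSAGE request (sample data, not the advisory's PoC).
    return CRLF.join([
        "MESSAGE sip:alice@example.test SIP/2.0",
        f"From: {from_value}",
        "To: <sip:alice@example.test>",
        f'Authorization: Digest username="{auth_user}", realm="asterisk"',
        "", "hello"])

SAMPLES = {  # constructed inputs, labelled by the condition they exercise
    "benign": make('"John" <sip:john@example.test>;tag=a1'),
    "semicolon": make('"admin;x" <sip:john@example.test>;tag=a2'),
    "nul": make('"admin\x00" <sip:john@example.test>;tag=a3'),
    "mismatch": make('<sip:admin@example.test>;tag=a4'),
}

def header(msg, *names):
    """Return the first matching header value (case-insensitive), or ''."""
    for line in msg.split(CRLF)[1:]:
        if not line:
            break  # blank line ends the header section
        key, _, value = line.partition(":")
        if key.strip().lower() in names:
            return value.strip()
    return ""

def audit_message(msg):
    """Return findings for one SIP request; an empty list means nothing was flagged."""
    if not msg.startswith("MESSAGE "):
        return []
    findings = []
    from_value = header(msg, "from", "f")  # "f" is the compact form of From
    # The name part is whatever precedes "<"; without "<", ";" only starts parameters.
    name_part = from_value.split("<", 1)[0] if "<" in from_value else ""
    if "\x00" in from_value:
        findings.append("NUL byte in From header")
    if ";" in name_part:
        findings.append("';' in From name part")
    au = re.search(r'username="([^"]*)"', header(msg, "authorization"))
    fu = re.search(r"sips?:([^@;>\s]+)@", from_value)
    if au and fu and au.group(1) != fu.group(1):
        findings.append(f"From user {fu.group(1)!r} differs from authenticated user {au.group(1)!r}")
    return findings

if __name__ == "__main__":
    for label, sample in SAMPLES.items():
        print(label, audit_message(sample))
```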