CVE-2025-69205: CWE-20: Improper Input Validation in olell uURU
Micro Registration Utility (µURU) is a telephone self registration utility based on asterisk. In versions up to and including commit 88db9a953f38a3026bcd6816d51c7f3b93c55893, an attacker can crafts a special federation name and characters treated special by asterisk can be injected into the `Dial( )` application due to improper input validation. This allows an attacker to redirect calls on both of the federating instances. If the attack succeeds, the impact is very high. However, the requires that an admin accept the federation requests. As of time of publication, a known patched version of µURU is not available.
CVE-2025-69205: CWE-20: Improper Input Validation in olell uURU
Description
Micro Registration Utility (µURU) is a telephone self registration utility based on asterisk. In versions up to and including commit 88db9a953f38a3026bcd6816d51c7f3b93c55893, an attacker can crafts a special federation name and characters treated special by asterisk can be injected into the `Dial( )` application due to improper input validation. This allows an attacker to redirect calls on both of the federating instances. If the attack succeeds, the impact is very high. However, the requires that an admin accept the federation requests. As of time of publication, a known patched version of µURU is not available.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2025-12-29T14:50:34.116Z
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 6952ec0d71a94549f15553a5
Added to database: 12/29/2025, 9:01:01 PM
Last updated: 12/29/2025, 11:31:15 PM
Views: 5
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Related Threats
CVE-2025-68040: CWE-201 Insertion of Sensitive Information Into Sent Data in weDevs WP Project Manager
MediumCVE-2025-68036: CWE-862 Missing Authorization in Emraan Cheema CubeWP
HighCVE-2023-41656: CWE-862 Missing Authorization in wpdive Better Elementor Addons
MediumCVE-2023-32238: Vulnerability in CodexThemes TheGem (Elementor)
MediumCVE-2025-15209: SQL Injection in code-projects Refugee Food Management System
MediumActions
Need more coverage?
Upgrade to Pro Console in Console -> Billing for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.