FreeSWITCH, a software‑defined telecom stack, has a stack overflow flaw in its bundled cJSON parser that can be triggered by a single unauthenticated WebSocket frame containing a deeply nested JSON document. The recursive parsing consumes the worker thread’s stack pointer, driving it into the stack guard page and causing the kernel to raise SIGSEGV, which terminates the FreeSWITCH process. The crash removes all active calls and sessions on the host, effectively shutting down the telecom service. The weakness is a classic buffer stack overflow (CWE‑674) and does not provide an arbitrary write or privilege‑escalation capability.

The vulnerability affects all instances of SignalWire’s FreeSWITCH product running any version prior to 1.11.1. This includes deployments on commodity hardware where FreeSWITCH serves as the core telecom controller. Systems that have not upgraded to the patched 1.11.1 release or later remain susceptible.

The CVSS score of 7.5 classifies this issue as high severity. Because no authentication is required, any remote or internal attacker can trigger the flaw by sending a crafted WebSocket frame to the vulnerable endpoint. EPSS data is unavailable, and the vulnerability is not listed in CISA KEV, but the impact of a full service interruption on a production telecom system remains significant. The likely attack vector is a remote or compromised internal WebSocket connection; no local privilege escalation is needed and the exploit does not provide data theft or privilege gain.