CVE-2025-12204
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-10-27

Last updated on: 2026-04-29

Assigner: VulDB

Description
A security vulnerability has been detected in Kamailio 5.5. Impacted is the function rve_destroy of the file src/core/rvalue.c of the component Configuration File Handler. The manipulation leads to heap-based buffer overflow. The attack must be carried out locally. The exploit has been disclosed publicly and may be used. There is ongoing doubt regarding the real existence of this vulnerability. This attack requires manipulating config files which might not be a realistic scenario in many cases. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-10-27
Last Modified
2026-04-29
Generated
2026-06-16
AI Q&A
2025-10-27
EPSS Evaluated
2026-06-14
NVD
CVE-2025-12204
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
kamailio kamailio 5.5.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-787 The product writes data past the end, or before the beginning, of the intended buffer.
CWE-119 The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
CWE-122 A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-12204 is a heap-buffer-overflow vulnerability in Kamailio SIP Server version 5.5. It occurs in the function rve_destroy() during configuration parsing and cleanup, where improperly handled module function parameter expression trees cause the function to read beyond allocated heap memory boundaries. This happens due to inconsistent internal states of expression objects, such as truncated allocations or stale pointers, leading to out-of-bounds memory reads. The vulnerability can cause Kamailio to crash during configuration parsing or initialization. [1]

Impact Analysis

This vulnerability can cause a guaranteed Denial of Service (DoS) by crashing the Kamailio server during configuration parsing or initialization, preventing the service from starting. Additionally, the heap out-of-bounds read/write may lead to memory corruption, which could potentially be exploited for remote code execution depending on attacker control and environment. However, the attack must be carried out locally. [1]

Detection Guidance

This vulnerability can be detected by monitoring Kamailio 5.5 for crashes or abnormal behavior during configuration parsing or initialization, especially when loading configuration files. A practical detection method is to run Kamailio with AddressSanitizer (ASan) enabled and use a specially crafted configuration file (e.g., kamailio-basic.cfg) that triggers the heap-buffer-overflow in the rve_destroy() function. Commands to detect the issue include building Kamailio with ASan, replacing the default config with the crafted one, and running Kamailio to observe crashes. Specific commands might be: 1) Compile Kamailio with ASan enabled, 2) Replace the configuration file with a test config that triggers the issue, 3) Run Kamailio and monitor logs or crashes. Since the attack must be local and triggers on configuration parsing, monitoring logs for crashes or running Kamailio under a memory error detector like ASan is recommended. [1]

Mitigation Strategies

Immediate mitigation steps include avoiding running Kamailio 5.5 with untrusted or malformed configuration files that could trigger the vulnerability. Since the vulnerability is triggered locally during configuration parsing, ensure that only trusted administrators can modify configuration files. Additionally, monitor for updates or patches from the vendor, although no response was noted from the vendor at the time of disclosure. Running Kamailio in a restricted environment with limited privileges can reduce impact. If possible, use memory protection tools like AddressSanitizer during testing to detect issues early. Until a patch is available, restrict local access and validate configuration files carefully before deployment. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-12204. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart