CVE-2025-12205
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-10-27

Last updated on: 2026-04-29

Assigner: VulDB

Description
A vulnerability was detected in Kamailio 5.5. The affected element is the function sr_push_yy_state of the file src/core/cfg.lex of the component Configuration File Handler. The manipulation results in use after free. The attack must be initiated from a local position. The exploit is now public and may be used. The real existence of this vulnerability is still doubted at the moment. This attack requires manipulating config files which might not be a realistic scenario in many cases. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-10-27
Last Modified
2026-04-29
Generated
2026-06-16
AI Q&A
2025-10-27
EPSS Evaluated
2026-06-15
NVD
CVE-2025-12205
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
kamailio kamailio 5.5.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-119 The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
CWE-416 The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-12205 is a heap use-after-free vulnerability in Kamailio SIP Server 5.5, specifically in the configuration file parsing function sr_push_yy_state. The issue arises because the code inconsistently manages memory for filename strings when handling 'include' directives. It prematurely frees heap-allocated memory (newf) while other parts of the parser still reference it, leading to use-after-free conditions. This causes invalid memory reads and can crash the server during configuration parsing. [1]

Impact Analysis

This vulnerability can cause a denial of service (DoS) by crashing the Kamailio server during configuration parsing, preventing it from starting. Additionally, depending on heap layout and exploitation, it may lead to memory corruption, which could potentially allow arbitrary code execution or privilege escalation. [1]

Detection Guidance

This vulnerability can be detected by running Kamailio 5.5 with AddressSanitizer (ASan) enabled and using a crafted configuration file that triggers the use-after-free in the function sr_push_yy_state during configuration parsing. Monitoring for crashes or memory errors during server startup is key. There are no specific network commands to detect this vulnerability since the attack must be initiated locally and it occurs during configuration file parsing. Suggested detection steps include: 1) Build Kamailio with ASan enabled. 2) Run Kamailio with a configuration file that includes crafted 'include' directives to trigger the bug. 3) Observe for ASan reports or crashes indicating use-after-free. Example commands: - Compile Kamailio with ASan: `CC=clang CFLAGS='-fsanitize=address' make` - Run Kamailio with the crafted config: `kamailio -f kamailio-basic.cfg` - Check logs or ASan output for heap-use-after-free errors. [1]

Mitigation Strategies

Immediate mitigation steps include: 1) Restrict local access to the Kamailio server to trusted users only, since the attack requires local initiation. 2) Avoid using untrusted or crafted configuration files with 'include' directives until a patch is available. 3) Monitor for updates or patches from Kamailio and apply them as soon as they are released. 4) Consider running Kamailio inside a restricted environment or container to limit impact of potential crashes. 5) If possible, build Kamailio with ASan to detect exploitation attempts during testing. Since the vendor has not responded yet, these steps help reduce risk until a fix is available. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-12205. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart