CVE-2025-12205
BaseFortify
Publication date: 2025-10-27
Last updated on: 2026-04-29
Assigner: VulDB
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| kamailio | kamailio | 5.5.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-119 | The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. |
| CWE-416 | The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-12205 is a heap use-after-free vulnerability in Kamailio SIP Server 5.5, specifically in the configuration file parsing function sr_push_yy_state. The parser manages the ownership of filename strings inconsistently when it handles 'include' directives: it frees the heap-allocated filename buffer (newf) while other parts of the parser still hold a pointer to it, so later accesses through that pointer read freed memory. The result is invalid memory reads that can crash the server while the configuration is being parsed, that is, at startup. [1]
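The ownership mistake described above is the classic include-stack bug: one level of the parser stores a pointer to a filename that another level later frees. The following is an added example, not Kamailio's code; it models a minimal include stack where each frame keeps its own heap copy of the filename and is the only place that copy is freed, so the caller's temporary (named newf here to mirror the description) can be released right after the push. The directive syntax `include_file "path"` is Kamailio's, but the parser, the struct and function names (parse_include, inc_push, inc_pop, inc_current) and the depth and path limits are hypothetical. The vulnerable pattern is shown in a comment rather than executed.

```c
#define _POSIX_C_SOURCE 200809L   /* for strdup */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_INCLUDE_DEPTH 10    /* hypothetical nesting limit, not Kamailio's value */
#define MAX_PATH_LEN      256   /* hypothetical bound for a parsed include path */

/* One level of the include stack. The frame owns fname and is the only
 * place it is ever freed, so a caller may release its own temporary
 * buffer immediately after pushing. */
struct inc_frame {
    char *fname;
    int   resume_line;   /* line in the including file to continue from */
};

struct inc_stack {
    struct inc_frame frames[MAX_INCLUDE_DEPTH];
    int depth;
};

/* Extract the quoted path of an `include_file "path"` line into out.
 * Returns 1 on success, 0 if the line is not an include directive or the
 * path would not fit: the copy is bounded, so an overlong path is
 * rejected rather than written past the end of out. */
int parse_include(const char *line, char *out, size_t out_len)
{
    static const char kw[] = "include_file";
    size_t kwlen = sizeof(kw) - 1;

    while (*line == ' ' || *line == '\t') line++;
    if (strncmp(line, kw, kwlen) != 0) return 0;
    line += kwlen;
    while (*line == ' ' || *line == '\t') line++;
    if (*line++ != '"') return 0;

    const char *end = strchr(line, '"');
    if (end == NULL) return 0;
    size_t n = (size_t)(end - line);
    if (n == 0 || n >= out_len) return 0;
    memcpy(out, line, n);
    out[n] = '\0';
    return 1;
}

/* Push a new include level. The frame takes its own heap copy of path.
 * The vulnerable pattern from the description would instead store the
 * caller's pointer (frame->fname = newf) and free newf elsewhere while
 * the frame still referenced it; every later use is then a heap UAF.
 * Returns 0 on success, -1 if the nesting limit is hit or memory is out. */
int inc_push(struct inc_stack *st, const char *path, int resume_line)
{
    if (st->depth >= MAX_INCLUDE_DEPTH) return -1;
    char *copy = strdup(path);
    if (copy == NULL) return -1;
    st->frames[st->depth].fname = copy;
    st->frames[st->depth].resume_line = resume_line;
    st->depth++;
    return 0;
}

/* Pop the current level, freeing exactly the copy that frame owns.
 * Returns the remaining depth, or -1 if the stack was already empty. */
int inc_pop(struct inc_stack *st)
{
    if (st->depth == 0) return -1;
    st->depth--;
    free(st->frames[st->depth].fname);
    st->frames[st->depth].fname = NULL;   /* leave no dangling pointer behind */
    return st->depth;
}

/* Name of the file currently being parsed, or NULL at depth 0. */
const char *inc_current(const struct inc_stack *st)
{
    return st->depth > 0 ? st->frames[st->depth - 1].fname : NULL;
}

/* Walk a constructed two-level config: the top-level file includes
 * inc/a.cfg on line 42. The caller's temporary newf is freed right after
 * the push and the frame stays valid because it holds its own copy.
 * Returns 1 if every step behaved as expected, 0 otherwise. */
int demo_include(void)
{
    struct inc_stack st;
    char path[MAX_PATH_LEN];
    char *newf = NULL;
    int ok = 0;

    memset(&st, 0, sizeof st);
    if (inc_push(&st, "kamailio.cfg", 0) != 0) return 0;
    if (!parse_include("include_file \"inc/a.cfg\"", path, sizeof path)) goto out;

    newf = strdup(path);                         /* caller-owned temporary */
    if (newf == NULL) goto out;
    if (inc_push(&st, newf, 42) != 0) goto out;
    free(newf); newf = NULL;                     /* safe: the frame owns its copy */

    ok = strcmp(inc_current(&st), "inc/a.cfg") == 0;
    ok = ok && inc_pop(&st) == 1;                /* back in kamailio.cfg */
    ok = ok && strcmp(inc_current(&st), "kamailio.cfg") == 0;
out:
    free(newf);
    while (inc_pop(&st) >= 0) { }                /* unwind whatever is left */
    return ok;
}

/* Push until the nesting limit refuses; returns how many pushes succeeded. */
int demo_depth_limit(void)
{
    struct inc_stack st;
    int n = 0;
    memset(&st, 0, sizeof st);
    while (inc_push(&st, "loop.cfg", n) == 0) n++;
    while (inc_pop(&st) >= 0) { }
    return n;
}

int main(void)
{
    printf("include demo: %s\n", demo_include() ? "ok" : "FAILED");
    printf("pushes accepted before limit: %d\n", demo_depth_limit());
    return 0;
}
```

Built with `-fsanitize=address`, this stays silent; changing inc_push to store `path` directly instead of `strdup(path)` reproduces the shape of the reported bug, and ASan then flags the strcmp in demo_include as a heap-use-after-free.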
How can this vulnerability impact me? :
This vulnerability can cause a denial of service (DoS) by crashing the Kamailio server during configuration parsing, preventing it from starting. Additionally, depending on heap layout and exploitation, it may lead to memory corruption, which could potentially allow arbitrary code execution or privilege escalation. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability is triggered during configuration file parsing, not by network traffic, so there is no packet-level signature to look for and no network command that detects it; the attack must be initiated locally by whoever controls the configuration. Detection therefore means running a build of Kamailio 5.5 instrumented with AddressSanitizer (ASan) against a configuration whose 'include' directives exercise sr_push_yy_state, and watching for sanitizer reports or crashes at startup. Suggested steps:
1) Build Kamailio with ASan enabled, e.g. `CC=clang CFLAGS='-fsanitize=address' make`. The link step needs the same `-fsanitize=address` flag, so pass it to the linker as well if the build system does not propagate CFLAGS.
2) Run the instrumented binary against the configuration under test, e.g. `kamailio -f kamailio-basic.cfg`. `kamailio -c -f kamailio-basic.cfg` only checks the configuration and exits without starting the server, which is enough to reach the include handling.
3) Check the server log and ASan's stderr output for heap-use-after-free reports whose stack trace names sr_push_yy_state. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include:
1) Restrict local access to the Kamailio host, and write access to its configuration files, to trusted users only, since the attack requires local initiation; the practical exposure is anyone who can modify a file pulled in by an 'include' directive.
2) Avoid loading untrusted or crafted configuration fragments through 'include' directives until a patch is available.
3) Monitor for updates or patches from Kamailio and apply them as soon as they are released.
4) Consider running Kamailio inside a restricted environment or container, under a supervisor that restarts it, to limit the impact of a crash.
5) If possible, build Kamailio with ASan so that any triggering of the bug is caught during testing rather than in production.
Since the vendor has not responded yet, these steps reduce risk until a fix is available. [1]