CVE-2025-12206
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-10-27

Last updated on: 2026-04-29

Assigner: VulDB

Description
A flaw has been found in Kamailio 5.5. The impacted element is the function rve_is_constant of the file src/core/rvalue.c. This manipulation causes null pointer dereference. The attack needs to be launched locally. The exploit has been published and may be used. It is still unclear if this vulnerability genuinely exists. This attack requires manipulating config files which might not be a realistic scenario in many cases. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-10-27
Last Modified
2026-04-29
Generated
2026-06-16
AI Q&A
2025-10-27
EPSS Evaluated
2026-06-14
NVD
CVE-2025-12206
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
kamailio kamailio 5.5.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-476 The product dereferences a pointer that it expects to be valid but is NULL.
CWE-404 The product does not release or incorrectly releases a resource before it is made available for re-use.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-12206 is a NULL pointer dereference vulnerability in Kamailio version 5.5, specifically in the function rve_is_constant in src/core/rvalue.c. During configuration parsing, the function dereferences a pointer without checking if it is NULL, which can happen with malformed or specially crafted configuration inputs. This causes Kamailio to crash with a segmentation fault, resulting in a denial of service by preventing the server from starting. [1, 2]

Impact Analysis

This vulnerability can cause Kamailio to crash during configuration parsing, leading to a denial of service (DoS) by preventing the server from starting. It affects the availability of the system but does not impact confidentiality or integrity. The exploit requires local access and can be triggered with a crafted configuration file. [1, 2]

Detection Guidance

This vulnerability can be detected by attempting to start Kamailio 5.5 with a specially crafted configuration file that triggers the NULL pointer dereference in the function rve_is_constant. A crash or segmentation fault (SIGSEGV) during configuration parsing indicates the presence of the vulnerability. Using AddressSanitizer (ASan) enabled builds can help diagnose the crash by showing a read at address zero with a stack trace pointing to rve_is_constant. There are no specific network detection commands since the attack requires local access and occurs during configuration parsing. Monitoring Kamailio startup logs for crashes or segmentation faults can also help detect the issue. [1]

Mitigation Strategies

Immediate mitigation steps include avoiding the use of Kamailio version 5.5 or replacing it with an alternative product, as no patches or vendor responses are available. Since the vulnerability requires local access and is triggered by malformed configuration files, restrict local access to trusted administrators only. Carefully validate and audit configuration files before applying them to prevent malformed inputs that could trigger the crash. Monitoring for crashes and avoiding running untrusted configuration files can reduce risk. [2]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-12206. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart