CVE-2025-12207
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-10-27

Last updated on: 2026-04-29

Assigner: VulDB

Description
A vulnerability has been found in Kamailio 5.5. This affects the function yyerror_at of the file src/core/cfg.y of the component Grammar Rule Handler. Such manipulation leads to null pointer dereference. The attack needs to be performed locally. The exploit has been disclosed to the public and may be used. The actual existence of this vulnerability is currently in question. This attack requires manipulating config files which might not be a realistic scenario in many cases. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-10-27
Last Modified
2026-04-29
Generated
2026-06-16
AI Q&A
2025-10-27
EPSS Evaluated
2026-06-15
NVD
CVE-2025-12207
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
kamailio kamailio 5.5.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-476 The product dereferences a pointer that it expects to be valid but is NULL.
CWE-404 The product does not release or incorrectly releases a resource before it is made available for re-use.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-12207 is a NULL pointer dereference vulnerability in Kamailio version 5.5, specifically in the configuration parser's handling of the while(...) statement within the Grammar Rule Handler component. When parsing a while(...) expression, if the expression is invalid or fails to parse, a NULL pointer ($2) is passed incorrectly to the error handling function yyerror_at. This causes the function to dereference a NULL pointer, leading to a segmentation fault and crashing the Kamailio server during startup. [1, 2, 3]

Impact Analysis

This vulnerability can cause a denial of service (DoS) by crashing the Kamailio server during startup when it attempts to parse a malformed or crafted configuration file. An attacker with local access can exploit this flaw to prevent the server from running, disrupting services that depend on Kamailio. [1, 2, 3]

Detection Guidance

This vulnerability can be detected by attempting to start Kamailio 5.5 with a specially crafted malformed configuration file that triggers the null pointer dereference in the configuration parser's while(...) statement. When triggered, Kamailio will crash with a segmentation fault (SIGSEGV) during startup. Running Kamailio with AddressSanitizer (ASan) enabled can help identify the null pointer dereference by showing the crash location in yyerror_at(). There are no specific network detection commands since the attack requires local access and occurs during startup parsing. Detection involves monitoring Kamailio startup logs for crashes or segmentation faults related to configuration parsing. [3, 2, 1]

Mitigation Strategies

Immediate mitigation steps include restricting local access to the Kamailio server to trusted users only, as the attack requires local execution. Avoid running Kamailio with untrusted or malformed configuration files, especially those containing while(...) expressions that could trigger the vulnerability. Monitor Kamailio startup for crashes and avoid applying untrusted configuration changes. Since no vendor response or patch is available, consider disabling or limiting the use of the affected configuration grammar rules until a fix is released. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-12207. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart