Vulnerability Description
A flaw has been found in Kamailio 5.5. The impacted element is the function rve_is_constant of the file src/core/rvalue.c. This manipulation causes null pointer dereference. The attack needs to be launched locally. The exploit has been published and may be used. It is still unclear if this vulnerability genuinely exists. This attack requires manipulating config files which might not be a realistic scenario in many cases. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Kamailio | Kamailio | 5.5.0 |
Related Weaknesses (CWE)
References
- https://shimo.im/docs/aBAYMVMB2jUP9jAj/ExploitThird Party Advisory
- https://vuldb.com/?ctiid.329876Permissions RequiredVDB Entry
- https://vuldb.com/?id.329876Third Party AdvisoryVDB Entry
- https://vuldb.com/?submit.673240Third Party AdvisoryVDB Entry
- https://www.openwall.com/lists/oss-security/2025/11/02/3
- http://www.openwall.com/lists/oss-security/2025/10/27/12
- http://www.openwall.com/lists/oss-security/2025/10/27/8
- https://www.openwall.com/lists/oss-security/2025/10/27/8Issue TrackingMailing List
- https://shimo.im/docs/aBAYMVMB2jUP9jAjExploitThird Party Advisory
FAQ
What is CVE-2025-12206?
CVE-2025-12206 is a vulnerability with a CVSS score of 3.3 (LOW). A flaw has been found in Kamailio 5.5. The impacted element is the function rve_is_constant of the file src/core/rvalue.c. This manipulation causes null pointer dereference. The attack needs to be lau...
How severe is CVE-2025-12206?
CVE-2025-12206 has been rated LOW with a CVSS base score of 3.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-12206?
Check the references section above for vendor advisories and patch information. Affected products include: Kamailio Kamailio.