Vulnerability Description
A vulnerability has been found in Kamailio 5.5. This affects the function yyerror_at of the file src/core/cfg.y of the component Grammar Rule Handler. Such manipulation leads to null pointer dereference. The attack needs to be performed locally. The exploit has been disclosed to the public and may be used. The actual existence of this vulnerability is currently in question. This attack requires manipulating config files which might not be a realistic scenario in many cases. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Kamailio | Kamailio | 5.5.0 |
Related Weaknesses (CWE)
References
- https://shimo.im/docs/vVqRMVMlrycMO63y/ExploitThird Party Advisory
- https://vuldb.com/?ctiid.329877Permissions RequiredVDB Entry
- https://vuldb.com/?id.329877Third Party AdvisoryVDB Entry
- https://vuldb.com/?submit.673241Third Party AdvisoryVDB Entry
- https://www.openwall.com/lists/oss-security/2025/11/02/3
- http://www.openwall.com/lists/oss-security/2025/10/27/12
- http://www.openwall.com/lists/oss-security/2025/10/27/8
- https://www.openwall.com/lists/oss-security/2025/10/27/8Issue TrackingMailing List
- https://shimo.im/docs/vVqRMVMlrycMO63yExploitThird Party Advisory
FAQ
What is CVE-2025-12207?
CVE-2025-12207 is a vulnerability with a CVSS score of 3.3 (LOW). A vulnerability has been found in Kamailio 5.5. This affects the function yyerror_at of the file src/core/cfg.y of the component Grammar Rule Handler. Such manipulation leads to null pointer dereferen...
How severe is CVE-2025-12207?
CVE-2025-12207 has been rated LOW with a CVSS base score of 3.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-12207?
Check the references section above for vendor advisories and patch information. Affected products include: Kamailio Kamailio.