CVE-2025-12205
Last modified
CVE-2025-12205 is a low-severity vulnerability rated 1.9/10 on the CVSS scale. A vulnerability was detected in Kamailio 5.5. The affected element is the function sr_push_yy_state of the file src/core/cfg.lex of the component Configuration File Handler. EPSS estimates a 0.21% chance of exploitation in the next 30 days.
Description
A vulnerability was detected in Kamailio 5.5. The affected element is the function sr_push_yy_state of the file src/core/cfg.lex of the component Configuration File Handler. The manipulation results in use after free. The attack must be initiated from a local position. The exploit is now public and may be used. The real existence of this vulnerability is still doubted at the moment. This attack requires manipulating config files which might not be a realistic scenario in many cases. The vendor was contacted early about this disclosure but did not respond in any way.
Metrics
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Kamailio | Kamailio | 5.5.0 |
References
- https://shimo.im/docs/ZzkLMVMLOzIRlpAQ/Exploit, Third Party Advisory
- https://vuldb.com/?ctiid.329875Permissions Required, VDB Entry
- https://vuldb.com/?id.329875Third Party Advisory, VDB Entry
- https://vuldb.com/?submit.673225Third Party Advisory, VDB Entry
- https://www.openwall.com/lists/oss-security/2025/10/27/8Issue Tracking, Mailing List
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2025-12205?
How severe is CVE-2025-12205?
How do I fix CVE-2025-12205?
Are you affected by CVE-2025-12205?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST