CVE-2025-12207

A vulnerability has been found in Kamailio 5.5. This affects the function yyerror_at of the file src/core/cfg.y of the component Grammar Rule Handler. Such manipulation leads to null pointer dereference. The attack needs to be performed locally. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
3.3 LOW
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
VulDBCNA
3.3 LOW
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 4%
VendorProductVersion
kamailiokamailio
5.5.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://shimo.im/docs/vVqRMVMlrycMO63y/
https://vuldb.com/?ctiid.329877
https://vuldb.com/?id.329877
https://vuldb.com/?submit.673241
https://www.openwall.com/lists/oss-security/2025/10/27/8
https://shimo.im/docs/vVqRMVMlrycMO63y