CVE-2025-12205 – A use-after-free vulnerability in Kamailio's co... (How to Fix)

Q: What is the severity of CVE-2025-12205?

CVE-2025-12205 has a CVSS score of 5.3 (MEDIUM). A use-after-free vulnerability in Kamailio's configuration file parser allows local attackers to potentially crash the service or execute arbitrary code by manipulating configuration files. This affects Kamailio 5.5 installations where attackers have local access to modify configuration files. The vulnerability requires local access and configuration file manipulation, which may limit practical exploitation.

📋 TL;DR

A use-after-free vulnerability in Kamailio's configuration file parser allows local attackers to potentially crash the service or execute arbitrary code by manipulating configuration files. This affects Kamailio 5.5 installations where attackers have local access to modify configuration files. The vulnerability requires local access and configuration file manipulation, which may limit practical exploitation.

💻 Affected Systems

Products:

Kamailio SIP Server

Versions: Version 5.5 specifically mentioned; other versions may be affected but not confirmed

Operating Systems: All platforms running Kamailio

Default Config Vulnerable: ⚠️ Yes

Notes: Requires ability to modify Kamailio configuration files and trigger configuration reload/restart.

📦 What is this software?

Kamailio by Kamailio

View all CVEs affecting Kamailio →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Local privilege escalation leading to full system compromise via arbitrary code execution as the Kamailio process user.

🟠

Likely Case

Service crash (denial of service) when malformed configuration files are processed during reload or restart.

🟢

If Mitigated

No impact if proper file permissions prevent unauthorized configuration file modifications.

🌐 Internet-Facing: LOW - Attack requires local access to the server, not remote exploitation.

🏢 Internal Only: MEDIUM - Local attackers with configuration file write access could cause service disruption.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Exploit details are public but require local access and configuration file manipulation. Some security researchers doubt the practical exploitability.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: UNKNOWN

Vendor Advisory: NONE - Vendor did not respond to disclosure

Restart Required: No

Instructions:

No official patch available. Consider upgrading to latest Kamailio version and monitor for security updates.

🔧 Temporary Workarounds

Restrict configuration file permissions

all

Ensure only authorized users can modify Kamailio configuration files

chmod 640 /etc/kamailio/kamailio.cfg
chown root:kamailio /etc/kamailio/kamailio.cfg

Monitor configuration file changes

Linux

Implement file integrity monitoring for Kamailio configuration files

# Use auditd: auditctl -w /etc/kamailio/ -p wa -k kamailio_config
# Or use inotify/inotifywait tools

🧯 If You Can't Patch

Implement strict access controls on Kamailio configuration directories
Use configuration management tools with change approval workflows

🔍 How to Verify

Check if Vulnerable:

Check Kamailio version: kamailio -V | grep 'version:'

Check Version:

kamailio -V | grep 'version:'

Verify Fix Applied:

No official fix available. Verify workarounds by checking file permissions: ls -la /etc/kamailio/kamailio.cfg

📡 Detection & Monitoring

Log Indicators:

Kamailio crash logs
Configuration parsing errors in syslog
Unexpected service restarts

Network Indicators:

Sudden loss of SIP service
Failed SIP registrations

SIEM Query:

source="syslog" AND ("kamailio" AND ("segmentation fault" OR "crash" OR "config error"))

📊 Metadata

CVE ID: CVE-2025-12205

CVSS v3 Score: 5.3 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CWE: CWE-119

EPSS Score: 0.02% exploit probability (4.1th percentile)

Published: October 27, 2025

Last Updated: November 4, 2025

🔗 References

https://shimo.im/docs/ZzkLMVMLOzIRlpAQ/ Exploit,Third Party Advisory
https://vuldb.com/?ctiid.329875 Permissions Required,VDB Entry
https://vuldb.com/?id.329875 Third Party Advisory,VDB Entry
https://vuldb.com/?submit.673225 Third Party Advisory,VDB Entry
https://www.openwall.com/lists/oss-security/2025/11/02/3
http://www.openwall.com/lists/oss-security/2025/10/27/12
http://www.openwall.com/lists/oss-security/2025/10/27/8
https://www.openwall.com/lists/oss-security/2025/10/27/8 Issue Tracking,Mailing List

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-12205, you might also want to check these: