A vulnerability was detected in Kamailio 5.5. The... · CVE-2025-12205 · GitHub Advisory Database · GitHub

A vulnerability was detected in Kamailio 5.5. The...

Moderate severity Unreviewed Published Oct 27, 2025 to the GitHub Advisory Database • Updated Nov 5, 2025

Package

No package listed— Suggest a package

Affected versions

Unknown

Patched versions

Unknown

Description

A vulnerability was detected in Kamailio 5.5. The affected element is the function sr_push_yy_state of the file src/core/cfg.lex of the component Configuration File Handler. The manipulation results in use after free. The attack must be initiated from a local position. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

References

Published by the National Vulnerability Database

Oct 27, 2025

Published to the GitHub Advisory Database Oct 27, 2025

Last updated Nov 5, 2025

Weaknesses

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. Learn more on MITRE.

CWE-416

Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory belongs to the code that operates on the new pointer. Learn more on MITRE.