CVE-2025-12207
Gravedad CVSS v4.0:
MEDIA
Tipo:
CWE-404
Apagado o liberación incorrecto de recursos
Fecha de publicación:
27/10/2025
Última modificación:
04/11/2025
Descripción
*** Pendiente de traducción *** A vulnerability has been found in Kamailio 5.5. This affects the function yyerror_at of the file src/core/cfg.y of the component Grammar Rule Handler. Such manipulation leads to null pointer dereference. The attack needs to be performed locally. The exploit has been disclosed to the public and may be used. The actual existence of this vulnerability is currently in question. This attack requires manipulating config files which might not be a realistic scenario in many cases. The vendor was contacted early about this disclosure but did not respond in any way.
Impacto
Puntuación base 4.0
4.80
Gravedad 4.0
MEDIA
Puntuación base 3.x
3.30
Gravedad 3.x
BAJA
Puntuación base 2.0
1.70
Gravedad 2.0
BAJA
Productos y versiones vulnerables
| CPE | Desde | Hasta |
|---|---|---|
| cpe:2.3:a:kamailio:kamailio:5.5.0:*:*:*:*:*:*:* |
Para consultar la lista completa de nombres de CPE con productos y versiones, ver esta página
Referencias a soluciones, herramientas e información
- https://shimo.im/docs/vVqRMVMlrycMO63y/
- https://vuldb.com/?ctiid_329877=
- https://vuldb.com/?id_329877=
- https://vuldb.com/?submit_673241=
- https://www.openwall.com/lists/oss-security/2025/11/02/3
- http://www.openwall.com/lists/oss-security/2025/10/27/12
- http://www.openwall.com/lists/oss-security/2025/10/27/8
- https://www.openwall.com/lists/oss-security/2025/10/27/8
- https://shimo.im/docs/vVqRMVMlrycMO63y