
CVE-2025-12204: Heap-based Buffer Overflow in Kamailio

Medium
Published: Mon Oct 27 2025 (10/27/2025, 02:02:11 UTC)
Source: CVE Database V5
Product: Kamailio

Description

A security vulnerability has been detected in Kamailio 5.5. Impacted is the function rve_destroy of the file src/core/rvalue.c of the component Configuration File Handler. The manipulation leads to heap-based buffer overflow. The attack must be carried out locally. The exploit has been disclosed publicly and may be used. There is ongoing doubt regarding the real existence of this vulnerability. This attack requires manipulating config files which might not be a realistic scenario in many cases. The vendor was contacted early about this disclosure but did not respond in any way.

AI-Powered Analysis

Last updated: 11/10/2025, 07:01:59 UTC

Technical Analysis

CVE-2025-12204 identifies a heap-based buffer overflow vulnerability in Kamailio version 5.5, a widely used open-source SIP server for VoIP communications. The flaw resides in the rve_destroy function of the src/core/rvalue.c file, which is part of the configuration file handler component. When configuration files are manipulated locally, this function can improperly handle memory, leading to a heap overflow condition. This memory corruption could allow an attacker with local privileges to execute arbitrary code, escalate privileges, or cause a denial of service by crashing the service. However, exploitation requires local access and the ability to modify configuration files, which is a significant barrier in many environments. The vulnerability has been publicly disclosed, but the vendor has not issued a patch or responded to the report. There is also some skepticism about the vulnerability's practical exploitability due to the complexity of the attack vector. The CVSS 4.0 score is 4.8 (medium), reflecting the local attack vector, low complexity, and limited scope of impact. No known exploits are currently active in the wild.

Potential Impact

For European organizations, the impact of CVE-2025-12204 depends largely on their deployment of Kamailio 5.5 and the level of local access control. Organizations in telecommunications, VoIP service providers, and enterprises using Kamailio as part of their communication infrastructure could face risks of service disruption or unauthorized privilege escalation if local attackers gain access. The vulnerability could lead to denial of service, impacting availability of critical communication services. Confidentiality and integrity impacts are possible but less likely without further exploitation steps. Given the local attack requirement, the threat is more significant in environments where multiple users have local system access or where attackers can gain such access through other means. The lack of vendor response and patch availability increases risk exposure until mitigations are applied.

Mitigation Recommendations

1. Restrict local access to systems running Kamailio 5.5, ensuring only trusted administrators have shell or console access.
2. Harden file system permissions on Kamailio configuration files to prevent unauthorized modification.
3. Monitor system logs and file integrity to detect unauthorized changes to configuration files.
4. Consider deploying Kamailio in containerized or sandboxed environments to limit impact of local exploits.
5. Regularly audit user accounts and remove unnecessary local privileges.
6. Stay alert for vendor updates or community patches addressing this vulnerability.
7. If possible, upgrade to a later Kamailio version once a fix is available.
8. Employ host-based intrusion detection systems (HIDS) to identify suspicious local activity related to configuration file manipulation.
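
One way to carry out recommendations 2 and 3, as an added example that is not part of the original advisory or of the Kamailio project: a POSIX shell script that flags configuration files a non-owner could modify and compares the tree against a stored SHA-256 baseline. The function names, the script name in the usage line, and the use of GNU coreutils `sha256sum` are assumptions; the configuration directory, expected owner and baseline path are supplied by the caller.

```shell
#!/bin/sh
# Added example (not from the advisory): audit a Kamailio configuration tree.
# Assumptions: GNU coreutils sha256sum is installed; the config directory,
# expected owner and baseline file are passed in by the caller.

# Print every file or directory under $1 that is not owned by $2 or is
# group- or world-writable. Returns 1 if anything is found, 0 otherwise.
audit_perms() {
    bad=$(find "$1" \( -type f -o -type d \) \
        \( ! -user "$2" -o -perm -020 -o -perm -002 \) -print)
    if [ -n "$bad" ]; then
        printf '%s\n' "$bad"
        return 1
    fi
    return 0
}

# Print a sorted "sha256  ./relative/path" listing of every file under $1.
# Store this output outside the config tree, readable only by administrators.
snapshot() {
    (cd "$1" && find . -type f -exec sha256sum {} + | LC_ALL=C sort -k 2)
}

# Compare the tree at $1 with baseline file $2. Modified, added and removed
# files all appear in the diff; returns 0 only when the tree is unchanged.
check_baseline() {
    cur=$(mktemp) || return 2
    snapshot "$1" > "$cur"
    rc=0
    diff "$2" "$cur" || rc=$?
    rm -f "$cur"
    return "$rc"
}

# Usage (hypothetical script name): sh audit.sh CONFIG_DIR OWNER BASELINE_FILE
if [ "$#" -eq 3 ]; then
    status=0
    audit_perms "$1" "$2" || status=1
    check_baseline "$1" "$3" || status=1
    exit "$status"
fi
```

Create the baseline once with `snapshot CONFIG_DIR > BASELINE_FILE` after a reviewed configuration change, then run the check from a scheduled job and alert on a non-zero exit status.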


Technical Details

Data Version: 5.1
Assigner Short Name: VulDB
Date Reserved: 2025-10-25T11:52:06.759Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 68fedab123a7bbed324d60d0

Added to database: 10/27/2025, 2:36:33 AM

Last enriched: 11/10/2025, 7:01:59 AM

Last updated: 12/13/2025, 8:17:22 PM
