CVE-2025-12204: Heap-based Buffer Overflow in Kamailio

Severity: Medium
Published: Mon Oct 27 2025 (10/27/2025, 02:02:11 UTC)
Source: CVE Database V5
Product: Kamailio

Description

A security vulnerability has been detected in Kamailio 5.5. Impacted is the function rve_destroy of the file src/core/rvalue.c of the component Configuration File Handler. The manipulation leads to heap-based buffer overflow. The attack must be carried out locally. The exploit has been disclosed publicly and may be used. There is ongoing doubt regarding the real existence of this vulnerability. This attack requires manipulating config files which might not be a realistic scenario in many cases. The vendor was contacted early about this disclosure but did not respond in any way.

AI-Powered Analysis

Machine-generated threat intelligence

Last updated: 02/24/2026, 21:35:15 UTC

Technical Analysis

CVE-2025-12204 identifies a heap-based buffer overflow vulnerability in Kamailio 5.5, an open-source SIP server widely used for VoIP communications. The flaw resides in the rve_destroy function within the src/core/rvalue.c file, part of the Configuration File Handler module. This function improperly handles memory when destroying runtime values, leading to a heap overflow condition. Exploitation requires local attacker privileges to manipulate configuration files, which is a significant barrier since remote exploitation or unauthenticated attacks are not feasible. The vulnerability could allow an attacker with local access to corrupt memory, potentially causing application crashes or enabling arbitrary code execution if further conditions are met. The CVSS 4.8 score reflects a medium severity, considering the local attack vector, low complexity, and limited scope of impact on confidentiality, integrity, and availability. The vendor has not issued patches or responded to disclosure, and public exploit code is not currently available. The uncertainty about the vulnerability's existence suggests that further independent verification is needed. However, given Kamailio's critical role in telephony infrastructure, the issue warrants attention. The attack scenario involves configuration file manipulation, which may be unrealistic in many deployments due to strict access controls. Nonetheless, environments where local access is possible, such as multi-tenant servers or compromised internal networks, remain at risk.

Potential Impact

The primary impact of this vulnerability is the potential for denial of service through application crashes caused by heap corruption. In more severe cases, if an attacker can precisely control the overflow, arbitrary code execution might be possible, threatening system integrity and confidentiality. Since Kamailio is often deployed in telephony and VoIP infrastructures, exploitation could disrupt voice communications, affecting business operations and service availability. The requirement for local access and configuration file manipulation limits the attacker's reach but does not eliminate risk in environments with weak internal security or insider threats. Organizations relying on Kamailio 5.5 may face service interruptions, potential data compromise, and increased risk of lateral movement within networks if exploited. The lack of vendor response and patches increases exposure time, potentially encouraging attackers to develop exploits. Overall, the threat is moderate but should not be ignored in critical telephony deployments.

Mitigation Recommendations

To mitigate this vulnerability, organizations should enforce strict local access controls and limit permissions on Kamailio configuration files to trusted administrators only. Employing file integrity monitoring can detect unauthorized changes to configuration files. Segregate Kamailio servers from untrusted users and networks to reduce the likelihood of local exploitation. Regularly audit user accounts and privileges to prevent unauthorized local access. Since no official patch is available, consider upgrading to a later Kamailio version if it addresses this issue or applying custom patches after thorough testing. Keep runtime exploit mitigations such as ASLR and DEP enabled to reduce exploitation success. Monitor system logs for unusual crashes or behavior indicative of exploitation attempts. Engage with the Kamailio community or security researchers for updates or unofficial patches. Finally, prepare incident response plans specific to telephony infrastructure compromise scenarios.


Technical Details

Data Version: 5.1
Assigner Short Name: VulDB
Date Reserved: 2025-10-25T11:52:06.759Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 68fedab123a7bbed324d60d0

Added to database: 10/27/2025, 2:36:33 AM

Last enriched: 2/24/2026, 9:35:15 PM

Last updated: 3/26/2026, 9:20:05 AM
