CVE-2025-12205 is a use-after-free vulnerability identified in Kamailio version 5.5, an open-source SIP server widely used for VoIP communications. The flaw resides in the sr_push_yy_state function of the src/core/cfg.lex file, which is part of the configuration file handler component. A use-after-free occurs when the program continues to use memory after it has been freed, potentially leading to memory corruption, crashes, or arbitrary code execution. However, exploitation of this vulnerability requires an attacker to have local access to the system and the ability to manipulate Kamailio configuration files. This significantly limits the attack vector, as remote exploitation is not feasible without prior compromise. The vulnerability was publicly disclosed with a CVSS v4.0 score of 4.8, indicating medium severity, with attack vector local (AV:L), low attack complexity (AC:L), no privileges required beyond local access (PR:L), and no user interaction needed (UI:N). The vendor has not issued any response or patch, and the exploit code is publicly available, although the real-world impact remains uncertain due to the constrained exploitation scenario. The vulnerability could lead to partial confidentiality, integrity, and availability impacts if exploited, such as service disruption or unauthorized configuration changes. Organizations running Kamailio 5.5 should consider this vulnerability seriously, especially in environments where local access controls are weak or where configuration files might be exposed to unauthorized modification.

The potential impact of CVE-2025-12205 includes partial compromise of the Kamailio SIP server's confidentiality, integrity, and availability. Exploiting the use-after-free could cause service crashes or enable an attacker to execute arbitrary code with local privileges, potentially disrupting VoIP services. Given Kamailio's role in handling SIP signaling for voice communications, such disruptions could affect telephony availability and reliability. However, the requirement for local access and configuration file manipulation reduces the likelihood of widespread exploitation. Organizations with lax local access controls or shared environments are at higher risk. The absence of vendor patches prolongs exposure, increasing the window for potential exploitation. Overall, the impact is moderate but could be significant in sensitive telephony infrastructures or multi-tenant environments where local access is less restricted.

To mitigate CVE-2025-12205, organizations should implement strict local access controls to prevent unauthorized users from accessing the Kamailio server or its configuration files. Employ file system permissions to restrict write access to configuration files only to trusted administrators. Regularly monitor and audit configuration files for unauthorized changes using file integrity monitoring tools. Consider isolating Kamailio instances in hardened environments or containers to limit local attack surfaces. Until an official patch is released, applying runtime protections such as AddressSanitizer or other memory safety tools during testing may help detect exploitation attempts. Additionally, maintain up-to-date backups of configuration files to enable quick recovery in case of tampering. Engage with the Kamailio community or vendors for updates and patches, and plan for timely patch application once available.