CVE-2025-12206: NULL Pointer Dereference in Kamailio
A flaw has been found in Kamailio 5.5. The impacted element is the function rve_is_constant of the file src/core/rvalue.c. Manipulation of this function causes a NULL pointer dereference. The attack needs to be launched locally. The exploit has been published and may be used. It is still unclear if this vulnerability genuinely exists. This attack requires manipulating config files, which might not be a realistic scenario in many cases. The vendor was contacted early about this disclosure but did not respond in any way.
AI Analysis
Technical Summary
CVE-2025-12206 is a vulnerability identified in Kamailio version 5.5, specifically within the function rve_is_constant in the source file src/core/rvalue.c. The issue arises from a NULL pointer dereference caused by improper handling of certain conditions during runtime evaluation of configuration expressions. This flaw can lead to a denial of service (DoS) by crashing the Kamailio SIP server process. Exploitation requires local access to the system and the ability to manipulate Kamailio configuration files, which are typically protected and not easily altered by unprivileged users. The vulnerability does not require user interaction beyond local access, nor does it allow for remote exploitation or privilege escalation. The vendor was notified prior to public disclosure but did not respond, and no official patch or mitigation guidance has been released. An exploit has been published, but its practical applicability is limited by the need for local privileges and configuration file manipulation. The CVSS 4.0 base score of 4.8 reflects these factors, indicating a medium severity level. This vulnerability primarily affects the availability of the Kamailio service by causing crashes, without impacting confidentiality or integrity.
Potential Impact
The primary impact of CVE-2025-12206 is a denial of service condition resulting from a crash of the Kamailio SIP server. This can disrupt VoIP communications and related services relying on Kamailio, potentially affecting business operations that depend on real-time communication. Since exploitation requires local access and configuration file manipulation, the risk of widespread remote attacks is low. However, insider threats or attackers who have already compromised local access could leverage this vulnerability to cause service outages. The lack of vendor response and patch availability increases the window of exposure. Organizations with critical telephony infrastructure using Kamailio 5.5 may experience service interruptions, impacting customer service, internal communications, and potentially emergency response capabilities. The vulnerability does not appear to allow data leakage or privilege escalation, limiting its impact to availability only.
Mitigation Recommendations
To mitigate CVE-2025-12206, organizations should implement strict local access controls to prevent unauthorized users from accessing or modifying Kamailio configuration files. File system permissions should be reviewed and hardened to restrict write access to trusted administrators only. Monitoring and alerting on changes to Kamailio configuration files can provide early detection of potential exploitation attempts. Running Kamailio with the least privileges necessary and isolating it within a secure environment can reduce the risk of local exploitation. Since no official patch is available, consider upgrading to a later Kamailio version if it addresses this issue or applying community-provided patches after thorough testing. Additionally, implementing system-level protections such as SELinux or AppArmor profiles can limit the impact of crashes and prevent unauthorized configuration changes. Regular backups of configuration files and service restart procedures should be in place to quickly recover from any denial of service caused by exploitation.
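The permission review and change monitoring recommended above can be scripted. The following is an added example, not vendor tooling or part of the original advisory: it flags files in a configuration directory that are group- or world-writable or not owned by the expected account, and detects drift against a recorded SHA-256 manifest. The function names are hypothetical; the directory, owner and baseline location are supplied by the caller, and sha256sum is assumed to be installed.

```shell
#!/bin/sh
# Added example: audit a config directory and detect unauthorized changes.
# Usage after sourcing:  audit_perms DIR OWNER
#                        record_baseline DIR BASELINE_FILE
#                        check_baseline DIR BASELINE_FILE
# Keep BASELINE_FILE outside DIR, ideally on read-only or remote storage.

# audit_perms DIR OWNER
# Prints every file or directory under DIR that is group- or world-writable,
# or not owned by OWNER (name or numeric uid). Returns 0 if clean, 1 if not.
audit_perms() {
    findings=$(find "$1" \( -type f -o -type d \) \
        \( -perm -020 -o -perm -002 -o ! -user "$2" \) -print)
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# manifest DIR: sorted "sha256  ./path" lines for each regular file in DIR.
manifest() {
    (cd "$1" && find . -type f -exec sha256sum {} + | LC_ALL=C sort -k2)
}

# record_baseline DIR BASELINE_FILE: store the known-good manifest.
record_baseline() {
    manifest "$1" > "$2"
}

# check_baseline DIR BASELINE_FILE
# Prints a diff covering added, removed and modified files.
# Returns 0 if the directory matches the baseline, non-zero otherwise.
check_baseline() {
    current=$(mktemp) || return 2
    manifest "$1" > "$current"
    rc=0
    diff "$2" "$current" || rc=$?
    rm -f "$current"
    return "$rc"
}
```

Run the checks from a scheduled job and alert on any non-zero exit; re-record the baseline only as part of an approved configuration change.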
Affected Countries
United States, Germany, France, United Kingdom, India, Brazil, Japan, Australia, Canada, Netherlands
Technical Details
- Data Version: 5.1
- Assigner Short Name: VulDB
- Date Reserved: 2025-10-25T11:52:17.451Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 68fee1ba23a7bbed324e8ba6
Added to database: 10/27/2025, 3:06:34 AM
Last enriched: 2/24/2026, 9:35:42 PM
Last updated: 3/21/2026, 3:45:26 PM