
CVE-2025-12207: NULL Pointer Dereference in Kamailio

Severity: Medium
Published: Mon Oct 27 2025 (10/27/2025, 02:32:17 UTC)
Source: CVE Database V5
Product: Kamailio

Description

A vulnerability has been found in Kamailio 5.5. This affects the function yyerror_at of the file src/core/cfg.y of the component Grammar Rule Handler. Such manipulation leads to null pointer dereference. The attack needs to be performed locally. The exploit has been disclosed to the public and may be used. The actual existence of this vulnerability is currently in question. This attack requires manipulating config files which might not be a realistic scenario in many cases. The vendor was contacted early about this disclosure but did not respond in any way.

AI-Powered Analysis

Machine-generated threat intelligence

Last updated: 02/24/2026, 21:35:57 UTC

Technical Analysis

CVE-2025-12207 is a vulnerability identified in Kamailio version 5.5, specifically within the Grammar Rule Handler component's yyerror_at function located in the src/core/cfg.y source file. The issue arises from a NULL pointer dereference triggered by improper handling of configuration file inputs. When an attacker with local access manipulates the configuration files, the function may dereference a NULL pointer, causing the Kamailio process to crash or behave unpredictably. This vulnerability does not require user interaction or elevated privileges beyond local access, but the attack vector is constrained by the necessity to modify configuration files, which are typically protected and require some level of privilege. The vulnerability has a CVSS score of 4.8, reflecting its medium severity, with an attack vector classified as local and low complexity. No authentication or user interaction is needed, but the scope is limited to local privilege. The vendor has not issued any patches or advisories, and the exploit has been publicly disclosed, though the actual existence and exploitability have been questioned. The primary impact is denial of service due to service crashes, potentially disrupting SIP communications managed by Kamailio.

Potential Impact

The primary impact of CVE-2025-12207 is on the availability of Kamailio services. A successful exploitation leads to a NULL pointer dereference, causing the Kamailio process to crash and resulting in denial of service. This can disrupt SIP-based communications, affecting VoIP infrastructure, session management, and real-time communication services relying on Kamailio. Since exploitation requires local access and configuration file manipulation, the risk is mitigated in environments with strict access controls. However, in scenarios where local access is possible, such as multi-tenant servers, compromised internal hosts, or insider threats, this vulnerability could be leveraged to cause service outages. The lack of vendor response and patches increases the risk of prolonged exposure. Organizations relying on Kamailio 5.5 for critical communications may experience service interruptions, impacting business operations and customer communications.

Mitigation Recommendations

To mitigate CVE-2025-12207, organizations should implement strict access controls to limit local access to systems running Kamailio, ensuring only trusted administrators can modify configuration files. Employ file integrity monitoring solutions to detect unauthorized changes to Kamailio configuration files promptly. Consider running Kamailio with the least privileges necessary and isolate it within secure environments or containers to reduce the attack surface. Regularly audit user permissions and monitor logs for suspicious local activity. Until an official patch is released, avoid upgrading to or deploying Kamailio 5.5 in environments where local access cannot be tightly controlled. If possible, downgrade to earlier versions not affected by this vulnerability or apply custom patches if available from the community. Maintain up-to-date backups of configuration files to enable quick recovery from potential crashes or misconfigurations. Engage with Kamailio community channels for updates and potential fixes.
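
The access-control and file-integrity recommendations above can be checked with a small audit script. This is an added example, not part of the original advisory or of Kamailio; the function names are hypothetical, and the configuration directory and baseline file are passed as arguments.

```sh
#!/bin/sh
# Added example: integrity and permission audit for a Kamailio config directory.
# Function names are hypothetical; the directory and baseline paths are arguments.

# Print config files that group or other users can write to.
loose_perms() {
    find "$1" -type f \( -perm -020 -o -perm -002 \) -print | sort
}

# Print "sha256  ./relative/path" for every file under the directory.
snapshot() {
    ( cd "$1" && find . -type f -exec sha256sum {} + | sort -k2 )
}

# Compare a baseline snapshot ($1) with a fresh one ($2).
# Limitation: paths containing whitespace are not handled.
compare() {
    awk 'FILENAME == ARGV[1] { old[$2] = $1; next }
         { seen[$2] = 1
           if (!($2 in old)) print "ADDED " $2
           else if (old[$2] != $1) print "MODIFIED " $2 }
         END { for (p in old) if (!(p in seen)) print "MISSING " p }' "$1" "$2"
}

# Usage: audit.sh <config_dir> <baseline_file>; the first run records the baseline.
if [ "$#" -eq 2 ]; then
    loose_perms "$1" | sed 's/^/WRITABLE /'
    if [ ! -f "$2" ]; then
        snapshot "$1" > "$2"
        exit 0
    fi
    new=$(mktemp)
    snapshot "$1" > "$new"
    compare "$2" "$new"
    rm -f "$new"
fi
```

Store the baseline file outside the audited directory and on a path the Kamailio service account cannot write, so a local user who alters the configuration cannot also rewrite the baseline.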


Technical Details

Data Version: 5.1
Assigner Short Name: VulDB
Date Reserved: 2025-10-25T11:52:20.560Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 68fee1ba23a7bbed324e8bac

Added to database: 10/27/2025, 3:06:34 AM

Last enriched: 2/24/2026, 9:35:57 PM

Last updated: 3/26/2026, 10:21:58 AM
