CVE-2025-12207 is a vulnerability identified in Kamailio version 5.5, specifically within the Grammar Rule Handler component's yyerror_at function located in src/core/cfg.y. The issue arises from improper handling of error conditions leading to a NULL pointer dereference when processing grammar rules. This flaw can be triggered by a local attacker with low privileges, causing the Kamailio process to crash and resulting in a denial of service (DoS) condition. The vulnerability does not require user interaction or elevated privileges beyond local access, making it relatively easy to exploit in environments where local access is possible. Kamailio is an open-source SIP server widely used in VoIP infrastructures to handle signaling and routing. The denial of service caused by this vulnerability can disrupt telephony services, impacting availability and potentially causing communication outages. The vendor has not responded to the disclosure, and no patches are currently available, although public exploit information has been released. This increases the risk of exploitation in unpatched environments. The CVSS 4.0 base score is 4.8, reflecting a medium severity primarily due to the local access requirement and limited scope of impact (availability only).

For European organizations, especially telecom operators, VoIP service providers, and enterprises relying on Kamailio for SIP signaling, this vulnerability poses a risk of service disruption through denial of service attacks. The inability to handle malformed grammar rules locally can cause the Kamailio server to crash, interrupting voice communications and potentially impacting business operations dependent on VoIP. Critical infrastructure relying on real-time communications could experience outages, affecting customer service and operational continuity. Since the attack requires local access, insider threats or compromised internal hosts pose the greatest risk. The lack of vendor response and patches increases exposure time, potentially allowing attackers to exploit the vulnerability in environments where Kamailio 5.5 is deployed without adequate access controls. This could lead to reputational damage and financial losses due to service downtime.

1. Restrict local access to Kamailio servers strictly to trusted administrators and systems to minimize the risk of local exploitation. 2. Implement robust host-based access controls and monitoring to detect unusual activity or crashes related to Kamailio processes. 3. Use containerization or sandboxing techniques to isolate Kamailio instances, limiting the impact of potential crashes. 4. Regularly back up configuration files and critical data to enable rapid recovery after a crash. 5. Monitor public advisories closely for vendor patches or community fixes and apply them promptly once available. 6. Consider upgrading to a later Kamailio version if it addresses this vulnerability or applying community-developed patches if feasible. 7. Conduct internal audits to ensure no unauthorized local users have access to Kamailio hosts. 8. Employ intrusion detection systems (IDS) to alert on abnormal process terminations or local exploit attempts. 9. Educate internal teams about the risks of local access exploitation and enforce strict operational security policies.