The vulnerability CVE-2025-68274 resides in the emiago sipgo library, a Go language library for building SIP (Session Initiation Protocol) services. Specifically, the issue is a null pointer dereference in the NewResponseFromRequest function, which is responsible for generating SIP responses based on incoming SIP requests. The root cause is that the function assumes the presence of the To header in SIP requests without verifying its existence. When a SIP request is received without a To header—a mandatory header in SIP messages—the parsing succeeds but the response creation code dereferences a nil pointer, leading to a crash of the SIP application. This vulnerability affects all normal SIP operations, including call setup, authentication, and message handling, not just error or edge cases. Since the vulnerability can be triggered by sending a single malformed SIP request remotely, it allows unauthenticated attackers to cause a denial-of-service (DoS) condition by crashing SIP applications that use the vulnerable sipgo library versions (>= 0.3.0 and < 1.0.0-alpha-1). The vulnerability has a CVSS 4.0 score of 8.7 (high severity), reflecting its network attack vector, no required privileges or user interaction, and high impact on availability. The issue is patched in version 1.0.0-alpha-1 of sipgo. No known exploits are reported in the wild yet, but the simplicity of exploitation and the critical role of SIP in telecommunications make this a significant threat.

For European organizations, this vulnerability poses a substantial risk to the availability and reliability of SIP-based communication services, which are widely used in VoIP telephony, unified communications, and enterprise telephony systems. A successful exploitation can cause immediate denial of service by crashing SIP servers or applications, disrupting voice calls, video conferencing, and authentication processes. This can affect business continuity, customer service, and internal communications. Telecom providers, enterprises with on-premises SIP infrastructure, and cloud SIP service providers are particularly vulnerable. The disruption could also impact emergency services and critical infrastructure relying on SIP communications. Additionally, the ease of exploitation without authentication increases the risk of widespread attacks, potentially targeting multiple organizations simultaneously. The vulnerability could be leveraged as part of larger multi-vector attacks or to create service outages during geopolitical tensions or cyber campaigns targeting European telecom infrastructure.

The primary mitigation is to upgrade all affected sipgo library instances to version 1.0.0-alpha-1 or later, where the null pointer dereference issue is patched. Organizations should audit their SIP applications and services to identify usage of sipgo versions in the vulnerable range. Implement strict input validation and SIP message integrity checks to detect and reject malformed SIP requests lacking mandatory headers such as To. Deploy network-level protections such as SIP-aware firewalls and intrusion prevention systems (IPS) that can filter malformed SIP traffic and rate-limit suspicious requests. Monitoring and alerting on SIP service crashes or abnormal SIP traffic patterns can provide early detection of exploitation attempts. For critical deployments, consider redundancy and failover mechanisms to maintain service availability during attacks. Engage with vendors and developers to ensure timely patching and secure coding practices in SIP service development.