Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2025-12205

Опубликовано: 27 окт. 2025
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS2: 4.3
CVSS3: 5.3

Описание

A vulnerability was detected in Kamailio 5.5. The affected element is the function sr_push_yy_state of the file src/core/cfg.lex of the component Configuration File Handler. The manipulation results in use after free. The attack must be initiated from a local position. The exploit is now public and may be used. The real existence of this vulnerability is still doubted at the moment. This attack requires manipulating config files which might not be a realistic scenario in many cases. The vendor was contacted early about this disclosure but did not respond in any way.

РелизСтатусПримечание
devel

needs-triage

esm-apps/bionic

needs-triage

esm-apps/focal

needs-triage

esm-apps/jammy

needs-triage

esm-apps/noble

needs-triage

esm-apps/xenial

needs-triage

jammy

needs-triage

noble

needs-triage

plucky

ignored

end of life, was needs-triage
questing

needs-triage

Показывать по

Ссылки на источники

EPSS

Процентиль: 4%
0.00018
Низкий

4.3 Medium

CVSS2

5.3 Medium

CVSS3

Связанные уязвимости

nvd логотип

CVE-2025-12205

CVSS3: 5.3
nvd
3 месяца назад

A vulnerability was detected in Kamailio 5.5. The affected element is the function sr_push_yy_state of the file src/core/cfg.lex of the component Configuration File Handler. The manipulation results in use after free. The attack must be initiated from a local position. The exploit is now public and may be used. The real existence of this vulnerability is still doubted at the moment. This attack requires manipulating config files which might not be a realistic scenario in many cases. The vendor was contacted early about this disclosure but did not respond in any way.

debian логотип

CVE-2025-12205

CVSS3: 5.3
debian
3 месяца назад

A vulnerability was detected in Kamailio 5.5. The affected element is ...

github логотип

GHSA-j768-6r6g-m9h3

CVSS3: 5.3
github
3 месяца назад

A vulnerability was detected in Kamailio 5.5. The affected element is the function sr_push_yy_state of the file src/core/cfg.lex of the component Configuration File Handler. The manipulation results in use after free. The attack must be initiated from a local position. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

EPSS

Процентиль: 4%
0.00018
Низкий

4.3 Medium

CVSS2

5.3 Medium

CVSS3