CVE-2025-66378
Published 2025-12-25
Priority: P3 · 40 · high · CVSS 3.1: 7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS: 0.22% (12.2th percentile)
Pexip Infinity 38.0 and 38.1 before 39.0 has insufficient access control in the RTMP implementation, allowing an attacker to disconnect RTMP streams traversing a Proxy Node.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| pexip | infinity | >= 38.0 < 39.0 | 39.0 |
| pexip | pexip_infinity | >= 38.0 < 39.0 | 39.0 |
No detection rules found.
No public exploits indexed.
Wiz: CVE-2025-59683 Impact, Exploitability, and Mitigation Steps
blogs_wiz · HIGH · CVSS 8.2
## CVE-2025-59683: Pexip Infinity Management Node vulnerability analysis and mitigation
Pexip Infinity 15.0 through 38.0 before 38.1 has Improper Access Control in the Secure Scheduler for Exchange service, when used with Office 365 Legacy Exchange Tokens. This allows a remote attacker to read potentially sensitive data and excessively consume resources, leading to a denial of service.
Source: NVD
Score 9.1
Published December 25, 2025
Severity CRITICAL
CNA Score 8.2
Affected Technologies
Pexip Infinity Management Node
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 36.2
Exploitation Probability (EPSS) 0.2
Affected packages and libraries
cpe:2.3:a:pexip:pexip_infinity
Wiz: CVE-2025-66377 Impact, Exploitability, and Mitigation Steps
blogs_wiz · HIGH · CVSS 8.2
## CVE-2025-66377: Pexip Infinity Management Node vulnerability analysis and mitigation
Pexip Infinity before 39.0 has Missing Authentication for a Critical Function in a product-internal API, allowing an attacker (who already has access to execute code on one node within a Pexip Infinity installation) to impact the operation of other nodes within the installation.
Source: NVD
Score 7.5
Published December 25, 2025
Severity HIGH
CNA Score 7.5
Affected Technologies
Pexip Infinity Management Node
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 14.3
Exploitation Probability (EPSS) N/A
Affected packages and libraries
cpe:2.3:a:pexip:pexip_infinity
Wiz: CVE-2025-66379 Impact, Exploitability, and Mitigation Steps
blogs_wiz · HIGH · CVSS 8.2
## CVE-2025-66379: Pexip Infinity Management Node vulnerability analysis and mitigation
Pexip Infinity before 39.0 has Improper Input Validation in the media implementation, allowing a remote attacker to trigger a software abort via a crafted media stream, resulting in a denial of service.
Source: NVD
Score 7.5
Published December 25, 2025
Severity HIGH
CNA Score 7.5
Affected Technologies
Pexip Infinity Management Node
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 36.6
Exploitation Probability (EPSS) 0.2
Affected packages and libraries
cpe:2.3:a:pexip:pexip_infinity
Wiz: CVE-2025-66443 Impact, Exploitability, and Mitigation Steps
blogs_wiz · HIGH · CVSS 8.2
## CVE-2025-66443: Pexip Infinity Management Node vulnerability analysis and mitigation
Pexip Infinity 35.0 through 38.1 before 39.0, in non-default configurations that use Direct Media for WebRTC, has Improper Input Validation in signalling that allows an attacker to trigger a software abort, resulting in a temporary denial of service.
Source: NVD
Score 5.3
Published December 25, 2025
Severity MEDIUM
CNA Score 7.5
Affected Technologies
Pexip Infinity Management Node
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 19.5
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
cpe:2.3:a:pexip:pexip_infinity
Wiz: CVE-2025-32096 Impact, Exploitability, and Mitigation Steps
blogs_wiz · HIGH · CVSS 7.5
## CVE-2025-32096: Pexip Infinity Management Node vulnerability analysis and mitigation
Pexip Infinity 33.0 through 37.0 before 37.1 has improper input validation in signaling that allows an attacker to trigger a software abort, resulting in a denial of service.
Source: NVD
Score 7.5
Published December 25, 2025
Severity HIGH
CNA Score 7.5
Affected Technologies
Pexip Infinity Management Node
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 19.5
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
cpe:2.3:a:pexip:pexip_infinity
Wiz: CVE-2025-32095 Impact, Exploitability, and Mitigation Steps
blogs_wiz · HIGH · CVSS 7.5
## CVE-2025-32095: Pexip Infinity Management Node vulnerability analysis and mitigation
Pexip Infinity before 37.0 has improper input validation in signalling that allows a remote attacker to trigger a software abort via a crafted signalling message, resulting in a denial of service.
Source: NVD
Score 7.5
Published December 25, 2025
Severity HIGH
CNA Score 7.5
Affected Technologies
Pexip Infinity Management Node
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 13.4
Exploitation Probability (EPSS) N/A
Affected packages and libraries
cpe:2.3:a:pexip:pexip_infinity
Wiz: CVE-2025-48704 Impact, Exploitability, and Mitigation Steps
blogs_wiz · HIGH · CVSS 7.5
## CVE-2025-48704: Pexip Infinity Management Node vulnerability analysis and mitigation
Pexip Infinity 35.0 through 37.2 before 38.0 has Improper Input Validation in signalling that allows an attacker to trigger a software abort, resulting in a denial of service.
Source: NVD
Score 7.5
Published December 25, 2025
Severity HIGH
CNA Score 7.5
Affected Technologies
Pexip Infinity Management Node
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 19.5
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
cpe:2.3:a:pexip:pexip_infinity
Wiz: CVE-2025-49088 Impact, Exploitability, and Mitigation Steps
blogs_wiz · MEDIUM · CVSS 5.9
## CVE-2025-49088: Pexip Infinity Management Node vulnerability analysis and mitigation
Pexip Infinity 32.0 through 37.1 before 37.2, in certain configurations of OTJ (One Touch Join) for Teams SIP Guest Join, has Improper Input Validation in the OTJ service, allowing a remote attacker to trigger a software abort via a crafted calendar invite, leading to a denial of service.
Source: NVD
Score 5.9
Published December 25, 2025
Severity MEDIUM
CNA Score 5.9
Affected Technologies
Pexip Infinity Management Node
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 36.6
Exploitation Probability (EPSS) 0.2
Affected packages and libraries
cpe:2.3:a:pexip:pexip_infinity
Wiz: CVE-2025-66378 Impact, Exploitability, and Mitigation Steps
blogs_wiz · HIGH · CVSS 8.2
## CVE-2025-66378: Pexip Infinity Management Node vulnerability analysis and mitigation
Pexip Infinity 38.0 and 38.1 before 39.0 has insufficient access control in the RTMP implementation, allowing an attacker to disconnect RTMP streams traversing a Proxy Node.
Source: NVD
Score 7.5
Published December 25, 2025
Severity HIGH
CNA Score 5.9
Affected Technologies
Pexip Infinity Management Node
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 20
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
cpe:2.3:a:pexip:pexip_infinity