cbcvebase.

Pexip Infinity vulnerabilities

14 known vulnerabilities affecting pexip/infinity.

Total CVEs
14
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH11MEDIUM2

Vulnerabilities

Page 1 of 1
CVE-2025-59683P3CRITICALCVSS 9.1≥ 15.0, < 38.12025-12-25
CVE-2025-59683 [CRITICAL] CWE-863 CVE-2025-59683: Pexip Infinity 15.0 through 38.0 before 38.1 has Improper Access Control in the Secure Scheduler for Pexip Infinity 15.0 through 38.0 before 38.1 has Improper Access Control in the Secure Scheduler for Exchange service, when used with Office 365 Legacy Exchange Tokens. This allows a remote attacker to read potentially sensitive data and excessively consume resources, leading to a denial of service.
nvd
CVE-2025-66377P3HIGHCVSS 7.5fixed in 39.02025-12-25
CVE-2025-66377 [HIGH] CWE-306 CVE-2025-66377: Pexip Infinity before 39.0 has Missing Authentication for a Critical Function in a product-internal Pexip Infinity before 39.0 has Missing Authentication for a Critical Function in a product-internal API, allowing an attacker (who already has access to execute code on one node within a Pexip Infinity installation) to impact the operation of other nodes within the installation.
nvd
CVE-2025-32095P3HIGHCVSS 7.5fixed in 37.02025-12-25
CVE-2025-32095 [HIGH] CWE-617 CVE-2025-32095: Pexip Infinity before 37.0 has improper input validation in signalling that allows a remote attacker Pexip Infinity before 37.0 has improper input validation in signalling that allows a remote attacker to trigger a software abort via a crafted signalling message, resulting in a denial of service.
nvd
CVE-2025-66379P3HIGHCVSS 7.5fixed in 39.02025-12-25
CVE-2025-66379 [HIGH] CWE-617 CVE-2025-66379: Pexip Infinity before 39.0 has Improper Input Validation in the media implementation, allowing a rem Pexip Infinity before 39.0 has Improper Input Validation in the media implementation, allowing a remote attacker to trigger a software abort via a crafted media stream, resulting in a denial of service.
nvd
CVE-2025-32096P3HIGHCVSS 7.5≥ 33.0, < 37.12025-12-25
CVE-2025-32096 [HIGH] CWE-617 CVE-2025-32096: Pexip Infinity 33.0 through 37.0 before 37.1 has improper input validation in signaling that allows Pexip Infinity 33.0 through 37.0 before 37.1 has improper input validation in signaling that allows an attacker to trigger a software abort, resulting in a denial of service.
nvd
CVE-2025-48704P3HIGHCVSS 7.5≥ 35.0, < 38.02025-12-25
CVE-2025-48704 [HIGH] CWE-617 CVE-2025-48704: Pexip Infinity 35.0 through 37.2 before 38.0 has Improper Input Validation in signalling that allows Pexip Infinity 35.0 through 37.2 before 38.0 has Improper Input Validation in signalling that allows an attacker to trigger a software abort, resulting in a denial of service.
nvd
CVE-2025-66378P3HIGHCVSS 7.5≥ 38.0, < 39.02025-12-25
CVE-2025-66378 [HIGH] CWE-863 CVE-2025-66378: Pexip Infinity 38.0 and 38.1 before 39.0 has insufficient access control in the RTMP implementation, Pexip Infinity 38.0 and 38.1 before 39.0 has insufficient access control in the RTMP implementation, allowing an attacker to disconnect RTMP streams traversing a Proxy Node.
nvd
CVE-2021-32545P3HIGHCVSS 7.5fixed in 262022-01-15
CVE-2021-32545 [HIGH] CWE-20 CVE-2021-32545: Pexip Infinity before 26 allows remote denial of service because of missing RTMP input validation. Pexip Infinity before 26 allows remote denial of service because of missing RTMP input validation.
nvd
CVE-2021-42555P3HIGHCVSS 7.5≥ 25.0, < 26.22022-01-15
CVE-2021-42555 [HIGH] CWE-20 CVE-2021-42555: Pexip Infinity before 26.2 allows temporary remote Denial of Service (abort) because of missing call Pexip Infinity before 26.2 allows temporary remote Denial of Service (abort) because of missing call-setup input validation.
nvd
CVE-2021-33498P3HIGHCVSS 7.5fixed in 262022-01-15
CVE-2021-33498 [HIGH] CWE-20 CVE-2021-33498: Pexip Infinity before 26 allows remote denial of service because of missing H.264 input validation ( Pexip Infinity before 26 allows remote denial of service because of missing H.264 input validation (issue 1 of 2).
nvd
CVE-2021-33499P3HIGHCVSS 7.5fixed in 262022-01-15
CVE-2021-33499 [HIGH] CWE-20 CVE-2021-33499: Pexip Infinity before 26 allows remote denial of service because of missing H.264 input validation ( Pexip Infinity before 26 allows remote denial of service because of missing H.264 input validation (issue 2 of 2).
nvd
CVE-2021-35969P3HIGHCVSS 7.5≥ 22.0, < 262022-01-15
CVE-2021-35969 [HIGH] CWE-20 CVE-2021-35969: Pexip Infinity before 26 allows temporary remote Denial of Service (abort) because of missing call-s Pexip Infinity before 26 allows temporary remote Denial of Service (abort) because of missing call-setup input validation.
nvd
CVE-2025-49088P4MEDIUMCVSS 5.9≥ 32.0, < 37.22025-12-25
CVE-2025-49088 [MEDIUM] CWE-617 CVE-2025-49088: Pexip Infinity 32.0 through 37.1 before 37.2, in certain configurations of OTJ (One Touch Join) for Pexip Infinity 32.0 through 37.1 before 37.2, in certain configurations of OTJ (One Touch Join) for Teams SIP Guest Join, has Improper Input Validation in the OTJ service, allowing a remote attacker to trigger a software abort via a crafted calendar invite, leading to a denial of service.
nvd
CVE-2025-66443P4MEDIUMCVSS 5.3≥ 35.0, < 39.02025-12-25
CVE-2025-66443 [MEDIUM] CWE-617 CVE-2025-66443: Pexip Infinity 35.0 through 38.1 before 39.0, in non-default configurations that use Direct Media fo Pexip Infinity 35.0 through 38.1 before 39.0, in non-default configurations that use Direct Media for WebRTC, has Improper Input Validation in signalling that allows an attacker to trigger a software abort, resulting in a temporary denial of service.
nvd
Pexip Infinity vulnerabilities | cvebase