Pexip Infinity vulnerabilities
47 known vulnerabilities affecting pexip/pexip_infinity.
Total CVEs
47
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL4HIGH35MEDIUM8
Vulnerabilities
Page 2 of 3
CVE-2022-27929P3HIGHCVSS 7.5≥ 27.0, < 27.32022-07-17
CVE-2022-27929 [HIGH] CVE-2022-27929: Pexip Infinity 27.x before 27.3 allows remote attackers to trigger a software abort via HTTP.
Pexip Infinity 27.x before 27.3 allows remote attackers to trigger a software abort via HTTP.
nvd
CVE-2019-7178P3HIGHCVSS 7.2≥ 9, < 20.12020-09-25
CVE-2019-7178 [HIGH] CWE-20 CVE-2019-7178: Pexip Infinity before 20.1 allows privilege escalation by restoring a system backup.
Pexip Infinity before 20.1 allows privilege escalation by restoring a system backup.
nvd
CVE-2025-32095P3HIGHCVSS 7.5fixed in 37.02025-12-25
CVE-2025-32095 [HIGH] CWE-617 CVE-2025-32095: Pexip Infinity before 37.0 has improper input validation in signalling that allows a remote attacker
Pexip Infinity before 37.0 has improper input validation in signalling that allows a remote attacker to trigger a software abort via a crafted signalling message, resulting in a denial of service.
nvd
CVE-2025-66379P3HIGHCVSS 7.5fixed in 39.02025-12-25
CVE-2025-66379 [HIGH] CWE-617 CVE-2025-66379: Pexip Infinity before 39.0 has Improper Input Validation in the media implementation, allowing a rem
Pexip Infinity before 39.0 has Improper Input Validation in the media implementation, allowing a remote attacker to trigger a software abort via a crafted media stream, resulting in a denial of service.
nvd
CVE-2025-32096P3HIGHCVSS 7.5≥ 33.0, < 37.12025-12-25
CVE-2025-32096 [HIGH] CWE-617 CVE-2025-32096: Pexip Infinity 33.0 through 37.0 before 37.1 has improper input validation in signaling that allows
Pexip Infinity 33.0 through 37.0 before 37.1 has improper input validation in signaling that allows an attacker to trigger a software abort, resulting in a denial of service.
nvd
CVE-2025-48704P3HIGHCVSS 7.5≥ 35.0, < 38.02025-12-25
CVE-2025-48704 [HIGH] CWE-617 CVE-2025-48704: Pexip Infinity 35.0 through 37.2 before 38.0 has Improper Input Validation in signalling that allows
Pexip Infinity 35.0 through 37.2 before 38.0 has Improper Input Validation in signalling that allows an attacker to trigger a software abort, resulting in a denial of service.
nvd
CVE-2025-66378P3HIGHCVSS 7.5≥ 38.0, < 39.02025-12-25
CVE-2025-66378 [HIGH] CWE-863 CVE-2025-66378: Pexip Infinity 38.0 and 38.1 before 39.0 has insufficient access control in the RTMP implementation,
Pexip Infinity 38.0 and 38.1 before 39.0 has insufficient access control in the RTMP implementation, allowing an attacker to disconnect RTMP streams traversing a Proxy Node.
nvd
CVE-2021-31925P3HIGHCVSS 7.5≥ 25.0, < 25.42021-07-07
CVE-2021-31925 [HIGH] CWE-20 CVE-2021-31925: Pexip Infinity 25.x before 25.4 has Improper Input Validation, and thus an unauthenticated remote at
Pexip Infinity 25.x before 25.4 has Improper Input Validation, and thus an unauthenticated remote attacker can cause a denial of service via the administrative web interface.
nvd
CVE-2022-23228P3HIGHCVSS 7.5≥ 1.0, < 27.02022-02-18
CVE-2022-23228 [HIGH] CWE-770 CVE-2022-23228: Pexip Infinity before 27.0 has improper WebRTC input validation. An unauthenticated remote attacker
Pexip Infinity before 27.0 has improper WebRTC input validation. An unauthenticated remote attacker can use excessive resources, temporarily causing denial of service.
nvd
CVE-2022-29286P3HIGHCVSS 7.5≥ 27.0, < 28.02022-07-17
CVE-2022-29286 [HIGH] CWE-770 CVE-2022-29286: Pexip Infinity 27 before 28.0 allows remote attackers to trigger excessive resource consumption and
Pexip Infinity 27 before 28.0 allows remote attackers to trigger excessive resource consumption and termination because of registrar resource mishandling.
nvd
CVE-2022-27937P3HIGHCVSS 7.5fixed in 27.32022-07-17
CVE-2022-27937 [HIGH] CWE-400 CVE-2022-27937: Pexip Infinity before 27.3 allows remote attackers to trigger excessive resource consumption via H.2
Pexip Infinity before 27.3 allows remote attackers to trigger excessive resource consumption via H.264.
nvd
CVE-2019-7177P3HIGHCVSS 7.2≥ 10, < 20.12020-09-25
CVE-2019-7177 [HIGH] CWE-94 CVE-2019-7177: Pexip Infinity before 20.1 allows Code Injection onto nodes via an admin.
Pexip Infinity before 20.1 allows Code Injection onto nodes via an admin.
nvd
CVE-2025-30080P3HIGHCVSS 7.5≥ 29.0, < 37.02025-04-02
CVE-2025-30080 [HIGH] CWE-20 CVE-2025-30080: Signalling in Pexip Infinity 29 through 36.2 before 37.0 has improper input validation that allows r
Signalling in Pexip Infinity 29 through 36.2 before 37.0 has improper input validation that allows remote attackers to trigger a temporary denial of service (software abort).
nvd
CVE-2024-37917P3HIGHCVSS 7.5fixed in 35.02025-04-02
CVE-2024-37917 [HIGH] CWE-20 CVE-2024-37917: Pexip Infinity before 35.0 has improper input validation that allows remote attackers to trigger a d
Pexip Infinity before 35.0 has improper input validation that allows remote attackers to trigger a denial of service (software abort) via a crafted signalling message.
nvd
CVE-2018-10432P3HIGHCVSS 7.5≥ 9, < 182020-09-25
CVE-2018-10432 [HIGH] CWE-400 CVE-2018-10432: Pexip Infinity before 18 allows Remote Denial of Service (TLS handshakes in RTMP).
Pexip Infinity before 18 allows Remote Denial of Service (TLS handshakes in RTMP).
nvd
CVE-2020-12824P3HIGHCVSS 7.5≥ 23, < 23.32020-09-25
CVE-2020-12824 [HIGH] CWE-20 CVE-2020-12824: Pexip Infinity 23.x before 23.3 has improper input validation, leading to a temporary software abort
Pexip Infinity 23.x before 23.3 has improper input validation, leading to a temporary software abort via RTP.
nvd
CVE-2018-10585P3HIGHCVSS 7.5fixed in 182020-09-25
CVE-2018-10585 [HIGH] CWE-400 CVE-2018-10585: Pexip Infinity before 18 allows remote Denial of Service (XML parsing).
Pexip Infinity before 18 allows remote Denial of Service (XML parsing).
nvd
CVE-2020-13387P4HIGHCVSS 7.5fixed in 23.42020-09-25
CVE-2020-13387 [HIGH] CWE-20 CVE-2020-13387: Pexip Infinity before 23.4 has a lack of input validation, leading to temporary denial of service vi
Pexip Infinity before 23.4 has a lack of input validation, leading to temporary denial of service via H.323.
nvd
CVE-2025-49088P4MEDIUMCVSS 5.9≥ 32.0, < 37.22025-12-25
CVE-2025-49088 [MEDIUM] CWE-617 CVE-2025-49088: Pexip Infinity 32.0 through 37.1 before 37.2, in certain configurations of OTJ (One Touch Join) for
Pexip Infinity 32.0 through 37.1 before 37.2, in certain configurations of OTJ (One Touch Join) for Teams SIP Guest Join, has Improper Input Validation in the OTJ service, allowing a remote attacker to trigger a software abort via a crafted calendar invite, leading to a denial of service.
nvd
CVE-2022-27930P4MEDIUMCVSS 5.9≥ 27.0, < 27.32022-07-17
CVE-2022-27930 [MEDIUM] CVE-2022-27930: Pexip Infinity 27.x before 27.3 allows remote attackers to trigger a software abort via single-sign-
Pexip Infinity 27.x before 27.3 allows remote attackers to trigger a software abort via single-sign-on if a random Universally Unique Identifier is guessed.
nvd