Pexip Infinity
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Pexip Infinity.
By the Year
In 2026 there have been 0 vulnerabilities in Pexip Infinity. Last year, in 2025 Infinity had 9 security vulnerabilities published. Right now, Infinity is on track to have less security vulnerabilities in 2026 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 9 | 7.22 |
| 2024 | 0 | 0.00 |
| 2023 | 1 | 7.50 |
| 2022 | 5 | 7.50 |
It may take a day or so for new Infinity vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Pexip Infinity Security Vulnerabilities
Pexip Infinity 35.0-37.2 Improper Input Val'd in Signalling DoS
CVE-2025-48704
7.5 - High
- December 25, 2025
Pexip Infinity 35.0 through 37.2 before 38.0 has Improper Input Validation in signalling that allows an attacker to trigger a software abort, resulting in a denial of service.
assertion failure
Pexip Infinity 15.038.0 Secure Scheduler IAC Unauthenticated Read & DoS
CVE-2025-59683
8.2 - High
- December 25, 2025
Pexip Infinity 15.0 through 38.0 before 38.1 has Improper Access Control in the Secure Scheduler for Exchange service, when used with Office 365 Legacy Exchange Tokens. This allows a remote attacker to read potentially sensitive data and excessively consume resources, leading to a denial of service.
AuthZ
Pexip Infinity 39.0 Missing Auth on Internal API Enables Node Downtime
CVE-2025-66377
7.5 - High
- December 25, 2025
Pexip Infinity before 39.0 has Missing Authentication for a Critical Function in a product-internal API, allowing an attacker (who already has access to execute code on one node within a Pexip Infinity installation) to impact the operation of other nodes within the installation.
Missing Authentication for Critical Function
Pexip Infinity RTMP Access Control Bypass v38.x (fixed v39.0)
CVE-2025-66378
5.9 - Medium
- December 25, 2025
Pexip Infinity 38.0 and 38.1 before 39.0 has insufficient access control in the RTMP implementation, allowing an attacker to disconnect RTMP streams traversing a Proxy Node.
AuthZ
Pexip Infinity <37.0: Signaling Input Validation DoS
CVE-2025-32095
7.5 - High
- December 25, 2025
Pexip Infinity before 37.0 has improper input validation in signalling that allows a remote attacker to trigger a software abort via a crafted signalling message, resulting in a denial of service.
assertion failure
Pexip Infinity 33.0-37.0 Improper Input Val via Signaling DoS
CVE-2025-32096
7.5 - High
- December 25, 2025
Pexip Infinity 33.0 through 37.0 before 37.1 has improper input validation in signaling that allows an attacker to trigger a software abort, resulting in a denial of service.
assertion failure
Pexip Infinity OTJ Service DoS via Crafted Invite (32.0-37.1)
CVE-2025-49088
5.9 - Medium
- December 25, 2025
Pexip Infinity 32.0 through 37.1 before 37.2, in certain configurations of OTJ (One Touch Join) for Teams SIP Guest Join, has Improper Input Validation in the OTJ service, allowing a remote attacker to trigger a software abort via a crafted calendar invite, leading to a denial of service.
assertion failure
Pexip Infinity <39.0 Improper Input Validation in Media Impl. Causing Remote DoS
CVE-2025-66379
7.5 - High
- December 25, 2025
Pexip Infinity before 39.0 has Improper Input Validation in the media implementation, allowing a remote attacker to trigger a software abort via a crafted media stream, resulting in a denial of service.
assertion failure
Pexip Infinity 35.038.1 Improper Input Validation (Pre-39.0) SIG Abort DoS
CVE-2025-66443
7.5 - High
- December 25, 2025
Pexip Infinity 35.0 through 38.1 before 39.0, in non-default configurations that use Direct Media for WebRTC, has Improper Input Validation in signalling that allows an attacker to trigger a software abort, resulting in a temporary denial of service.
assertion failure
Pexip Infinity <31.2 RTCP Input Validation (Abort Exploit)
CVE-2023-31455
7.5 - High
- December 25, 2023
Pexip Infinity before 31.2 has Improper Input Validation for RTCP, allowing remote attackers to trigger an abort.
Improper Input Validation
Pexip Infinity before 26
CVE-2021-32545
7.5 - High
- January 15, 2022
Pexip Infinity before 26 allows remote denial of service because of missing RTMP input validation.
Improper Input Validation
Pexip Infinity before 26.2
CVE-2021-42555
7.5 - High
- January 15, 2022
Pexip Infinity before 26.2 allows temporary remote Denial of Service (abort) because of missing call-setup input validation.
Improper Input Validation
Pexip Infinity before 26
CVE-2021-35969
7.5 - High
- January 15, 2022
Pexip Infinity before 26 allows temporary remote Denial of Service (abort) because of missing call-setup input validation.
Improper Input Validation
Pexip Infinity before 26
CVE-2021-33499
7.5 - High
- January 15, 2022
Pexip Infinity before 26 allows remote denial of service because of missing H.264 input validation (issue 2 of 2).
Improper Input Validation
Pexip Infinity before 26
CVE-2021-33498
7.5 - High
- January 15, 2022
Pexip Infinity before 26 allows remote denial of service because of missing H.264 input validation (issue 1 of 2).
Improper Input Validation
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Pexip Infinity or by Pexip? Click the Watch button to subscribe.
