Pexip Infinity

Pexip Infinity <37.0: Signaling Input Validation DoS
CVE-2025-32095 7.5 - High - December 25, 2025

Pexip Infinity before 37.0 has improper input validation in signalling that allows a remote attacker to trigger a software abort via a crafted signalling message, resulting in a denial of service.

assertion failure

Pexip Infinity 33.0-37.0 Improper Input Val via Signaling DoS
CVE-2025-32096 7.5 - High - December 25, 2025

Pexip Infinity 33.0 through 37.0 before 37.1 has improper input validation in signaling that allows an attacker to trigger a software abort, resulting in a denial of service.

assertion failure

Pexip Infinity 35.0-37.2 Improper Input Val'd in Signalling DoS
CVE-2025-48704 7.5 - High - December 25, 2025

Pexip Infinity 35.0 through 37.2 before 38.0 has Improper Input Validation in signalling that allows an attacker to trigger a software abort, resulting in a denial of service.

assertion failure

Pexip Infinity OTJ Service DoS via Crafted Invite (32.0-37.1)
CVE-2025-49088 5.9 - Medium - December 25, 2025

Pexip Infinity 32.0 through 37.1 before 37.2, in certain configurations of OTJ (One Touch Join) for Teams SIP Guest Join, has Improper Input Validation in the OTJ service, allowing a remote attacker to trigger a software abort via a crafted calendar invite, leading to a denial of service.

assertion failure

Pexip Infinity 15.038.0 Secure Scheduler IAC Unauthenticated Read & DoS
CVE-2025-59683 8.2 - High - December 25, 2025

Pexip Infinity 15.0 through 38.0 before 38.1 has Improper Access Control in the Secure Scheduler for Exchange service, when used with Office 365 Legacy Exchange Tokens. This allows a remote attacker to read potentially sensitive data and excessively consume resources, leading to a denial of service.

AuthZ

Pexip Infinity 39.0 Missing Auth on Internal API Enables Node Downtime
CVE-2025-66377 7.5 - High - December 25, 2025

Pexip Infinity before 39.0 has Missing Authentication for a Critical Function in a product-internal API, allowing an attacker (who already has access to execute code on one node within a Pexip Infinity installation) to impact the operation of other nodes within the installation.

Missing Authentication for Critical Function

Pexip Infinity RTMP Access Control Bypass v38.x (fixed v39.0)
CVE-2025-66378 5.9 - Medium - December 25, 2025

Pexip Infinity 38.0 and 38.1 before 39.0 has insufficient access control in the RTMP implementation, allowing an attacker to disconnect RTMP streams traversing a Proxy Node.

AuthZ

Pexip Infinity 35.038.1 Improper Input Validation (Pre-39.0) SIG Abort DoS
CVE-2025-66443 7.5 - High - December 25, 2025

Pexip Infinity 35.0 through 38.1 before 39.0, in non-default configurations that use Direct Media for WebRTC, has Improper Input Validation in signalling that allows an attacker to trigger a software abort, resulting in a temporary denial of service.

assertion failure

Pexip Infinity 29-36.2: Improper Input Validation Allowing Temporary DoS
CVE-2025-30080 - April 02, 2025

Signalling in Pexip Infinity 29 through 36.2 before 37.0 has improper input validation that allows remote attackers to trigger a temporary denial of service (software abort).

Pexip Infinity <=35.0: Remote DoS via Crafted Signalling Message
CVE-2024-37917 - April 02, 2025

Pexip Infinity before 35.0 has improper input validation that allows remote attackers to trigger a denial of service (software abort) via a crafted signalling message.

Pexip Infinity before 34.1 Improper Access Control in Waiting Room
CVE-2024-33850 - June 10, 2024

Pexip Infinity before 34.1 has Improper Access Control for persons in a waiting room. They can see the conference roster list, and perform certain actions that should not be allowed before they are admitted to the meeting.

Pexip Infinity <31.2 Improper Input Validation (Abort)
CVE-2023-31289 7.5 - High - December 25, 2023

Pexip Infinity before 31.2 has Improper Input Validation for signalling, allowing remote attackers to trigger an abort.

Improper Input Validation

Pexip Infinity <31.2 RTCP Input Validation (Abort Exploit)
CVE-2023-31455 7.5 - High - December 25, 2023

Pexip Infinity before 31.2 has Improper Input Validation for RTCP, allowing remote attackers to trigger an abort.

Improper Input Validation

Preconfigured Link XSS in Pexip Infinity Webapp1 v<32
CVE-2023-37225 6.1 - Medium - December 25, 2023

Pexip Infinity before 32 allows Webapp1 XSS via preconfigured links.

XSS

Pexip Infinity 27 before 28.0
CVE-2022-29286 7.5 - High - July 17, 2022

Pexip Infinity 27 before 28.0 allows remote attackers to trigger excessive resource consumption and termination because of registrar resource mishandling.

Allocation of Resources Without Limits or Throttling

Pexip Infinity before 28.1
CVE-2022-32263 7.5 - High - July 17, 2022

Pexip Infinity before 28.1 allows remote attackers to trigger a software abort via G.719.

Pexip Infinity before 27.3
CVE-2022-27931 7.5 - High - July 17, 2022

Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via the Session Initiation Protocol.

Pexip Infinity 27.x before 27.3
CVE-2022-27929 7.5 - High - July 17, 2022

Pexip Infinity 27.x before 27.3 allows remote attackers to trigger a software abort via HTTP.

Pexip Infinity 27.x before 27.3
CVE-2022-27930 5.9 - Medium - July 17, 2022

Pexip Infinity 27.x before 27.3 allows remote attackers to trigger a software abort via single-sign-on if a random Universally Unique Identifier is guessed.

Pexip Infinity before 27.3
CVE-2022-27932 7.5 - High - July 17, 2022

Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via One Touch Join.

Pexip Infinity 27.x before 27.3
CVE-2022-27928 7.5 - High - July 17, 2022

Pexip Infinity 27.x before 27.3 allows remote attackers to trigger a software abort via the Session Initiation Protocol.

Pexip Infinity before 27.3
CVE-2022-26657 7.5 - High - July 17, 2022

Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via One Touch Join.

Pexip Infinity before 27.3
CVE-2022-26656 8.2 - High - July 17, 2022

Pexip Infinity before 27.3 allows remote attackers to trigger a software abort, and possibly enumerate usernames, via One Touch Join.

Pexip Infinity 27.x before 27.3 has Improper Input Validation
CVE-2022-26655 7.5 - High - July 17, 2022

Pexip Infinity 27.x before 27.3 has Improper Input Validation. The client API allows remote attackers to trigger a software abort via a gateway call into Teams.

Improper Input Validation

Pexip Infinity before 27.3
CVE-2022-26654 7.5 - High - July 17, 2022

Pexip Infinity before 27.3 allows remote attackers to force a software abort via HTTP.

Pexip Infinity 27.x before 27.2 has Improper Access Control
CVE-2022-25357 5.3 - Medium - July 17, 2022

Pexip Infinity 27.x before 27.2 has Improper Access Control. An attacker can sometimes join a conference (call join) if it has a lock but not a PIN.

Pexip Infinity before 27.3
CVE-2022-27937 7.5 - High - July 17, 2022

Pexip Infinity before 27.3 allows remote attackers to trigger excessive resource consumption via H.264.

Resource Exhaustion

Pexip Infinity before 27.3
CVE-2022-27936 7.5 - High - July 17, 2022

Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via H.323.

Pexip Infinity before 27.3
CVE-2022-27935 7.5 - High - July 17, 2022

Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via Epic Telehealth.

Pexip Infinity before 27.3
CVE-2022-27934 7.5 - High - July 17, 2022

Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via HTTP.

Pexip Infinity before 27.3
CVE-2022-27933 8.2 - High - July 17, 2022

Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via One Touch Join.

Pexip Infinity before 27.0 has improper WebRTC input validation
CVE-2022-23228 7.5 - High - February 18, 2022

Pexip Infinity before 27.0 has improper WebRTC input validation. An unauthenticated remote attacker can use excessive resources, temporarily causing denial of service.

Allocation of Resources Without Limits or Throttling

Pexip Infinity 25.x before 25.4 has Improper Input Validation, and thus an unauthenticated remote attacker can cause a denial of service
CVE-2021-31925 7.5 - High - July 07, 2021

Pexip Infinity 25.x before 25.4 has Improper Input Validation, and thus an unauthenticated remote attacker can cause a denial of service via the administrative web interface.

Improper Input Validation

Pexip Infinity 22.x through 24.x before 24.2 has Improper Input Validation for call setup
CVE-2020-25868 7.5 - High - July 07, 2021

Pexip Infinity 22.x through 24.x before 24.2 has Improper Input Validation for call setup. An unauthenticated remote attacker can trigger a software abort (temporary loss of service).

Improper Input Validation

Pexip Reverse Proxy and TURN Server before 6.1.0 has Incorrect UDP Access Control
CVE-2020-11805 - September 25, 2020

Pexip Reverse Proxy and TURN Server before 6.1.0 has Incorrect UDP Access Control via TURN.

Pexip Infinity before 24.1 has Improper Input Validation, leading to temporary denial of service
CVE-2020-24615 5.3 - Medium - September 25, 2020

Pexip Infinity before 24.1 has Improper Input Validation, leading to temporary denial of service via SIP.

Improper Input Validation

Pexip Infinity before 23.4 has a lack of input validation, leading to temporary denial of service
CVE-2020-13387 7.5 - High - September 25, 2020

Pexip Infinity before 23.4 has a lack of input validation, leading to temporary denial of service via H.323.

Improper Input Validation

Pexip Infinity 23.x before 23.3 has improper input validation, leading to a temporary software abort
CVE-2020-12824 - September 25, 2020

Pexip Infinity 23.x before 23.3 has improper input validation, leading to a temporary software abort via RTP.