Pexip 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
過去の問題は主に vendor risk input validation and vendor risk cross-site scripting などに関し、一部は vendor impact session compromise を招き、vendor surface production workloads and vendor surface software deployment 関連の場面に影響します。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2025-66443 | Pexip Infinity 35.0 through 38.1 before 39.0, in non-default configurations that use Direct Media for WebRTC, has Improper Input Validation in signalling that allows an attacker to trigger a software abort, resulting in a temporary denial of service. | [email protected] | 7.5 | 0.04% | 2025-12-25 | 2026-01-05 |
| CVE-2025-66379 | Pexip Infinity before 39.0 has Improper Input Validation in the media implementation, allowing a remote attacker to trigger a software abort via a crafted media stream, resulting in a denial of service. | [email protected] | 7.5 | 0.07% | 2025-12-25 | 2026-01-05 |
| CVE-2025-66378 | Pexip Infinity 38.0 and 38.1 before 39.0 has insufficient access control in the RTMP implementation, allowing an attacker to disconnect RTMP streams traversing a Proxy Node. | [email protected] | 5.9 | 0.05% | 2025-12-25 | 2026-01-05 |
| CVE-2025-66377 | Pexip Infinity before 39.0 has Missing Authentication for a Critical Function in a product-internal API, allowing an attacker (who already has access to execute code on one node within a Pexip Infinity installation) to impact the operation of other nodes within the installation. | [email protected] | 7.5 | 0.03% | 2025-12-25 | 2026-01-05 |
| CVE-2025-59683 | Pexip Infinity 15.0 through 38.0 before 38.1 has Improper Access Control in the Secure Scheduler for Exchange service, when used with Office 365 Legacy Exchange Tokens. This allows a remote attacker to read potentially sensitive data and excessively consume resources, leading to a denial of service. | [email protected] | 8.2 | 0.15% | 2025-12-25 | 2026-01-05 |
| CVE-2025-49088 | Pexip Infinity 32.0 through 37.1 before 37.2, in certain configurations of OTJ (One Touch Join) for Teams SIP Guest Join, has Improper Input Validation in the OTJ service, allowing a remote attacker to trigger a software abort via a crafted calendar invite, leading to a denial of service. | [email protected] | 5.9 | 0.07% | 2025-12-25 | 2026-01-05 |
| CVE-2025-48704 | Pexip Infinity 35.0 through 37.2 before 38.0 has Improper Input Validation in signalling that allows an attacker to trigger a software abort, resulting in a denial of service. | [email protected] | 7.5 | 0.04% | 2025-12-25 | 2026-01-05 |
| CVE-2025-32096 | Pexip Infinity 33.0 through 37.0 before 37.1 has improper input validation in signaling that allows an attacker to trigger a software abort, resulting in a denial of service. | [email protected] | 7.5 | 0.04% | 2025-12-25 | 2026-01-05 |
| CVE-2025-32095 | Pexip Infinity before 37.0 has improper input validation in signalling that allows a remote attacker to trigger a software abort via a crafted signalling message, resulting in a denial of service. | [email protected] | 7.5 | 0.10% | 2025-12-25 | 2026-01-05 |
| CVE-2025-30080 | Signalling in Pexip Infinity 29 through 36.2 before 37.0 has improper input validation that allows remote attackers to trigger a temporary denial of service (software abort). | [email protected] | 7.5 | 2.26% | 2025-04-02 | 2025-06-18 |
| CVE-2024-37917 | Pexip Infinity before 35.0 has improper input validation that allows remote attackers to trigger a denial of service (software abort) via a crafted signalling message. | [email protected] | 7.5 | 2.04% | 2025-04-02 | 2025-06-18 |
| CVE-2024-33850 | Pexip Infinity before 34.1 has Improper Access Control for persons in a waiting room. They can see the conference roster list, and perform certain actions that should not be allowed before they are admitted to the meeting. | [email protected] | 4.3 | 0.29% | 2024-06-10 | 2025-06-20 |
| CVE-2023-40236 | In Pexip VMR self-service portal before 3, the same SSH host key is used across different customers' installations, which allows authentication bypass. | [email protected] | 5.3 | 0.04% | 2023-12-25 | 2025-04-23 |
| CVE-2023-37225 | Pexip Infinity before 32 allows Webapp1 XSS via preconfigured links. | [email protected] | 6.1 | 0.21% | 2023-12-25 | 2024-11-21 |
| CVE-2023-31455 | Pexip Infinity before 31.2 has Improper Input Validation for RTCP, allowing remote attackers to trigger an abort. | [email protected] | 7.5 | 0.28% | 2023-12-25 | 2024-11-21 |
| CVE-2023-31289 | Pexip Infinity before 31.2 has Improper Input Validation for signalling, allowing remote attackers to trigger an abort. | [email protected] | 7.5 | 0.28% | 2023-12-25 | 2024-11-21 |
| CVE-2022-32263 | Pexip Infinity before 28.1 allows remote attackers to trigger a software abort via G.719. | [email protected] | 7.5 | 0.77% | 2022-07-17 | 2024-11-21 |
| CVE-2022-29286 | Pexip Infinity 27 before 28.0 allows remote attackers to trigger excessive resource consumption and termination because of registrar resource mishandling. | [email protected] | 7.5 | 0.60% | 2022-07-17 | 2024-11-21 |
| CVE-2022-27937 | Pexip Infinity before 27.3 allows remote attackers to trigger excessive resource consumption via H.264. | [email protected] | 7.5 | 0.60% | 2022-07-17 | 2024-11-21 |
| CVE-2022-27936 | Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via H.323. | [email protected] | 7.5 | 0.60% | 2022-07-17 | 2024-11-21 |