Pexip Infinity
CVE-2025-30080
HIGH
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
2DescriptionCVE.org
Signalling in Pexip Infinity 29 through 36.2 before 37.0 has improper input validation that allows remote attackers to trigger a temporary denial of service (software abort).
AnalysisAI
Signalling in Pexip Infinity 29 through 36.2 before 37.0 has improper input validation that allows remote attackers to trigger a temporary denial of service (software abort). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-20. Signalling in Pexip Infinity 29 through 36.2 before 37.0 has improper input validation that allows remote attackers to trigger a temporary denial of service (software abort). Affected products include: Pexip Pexip Infinity. Version information: through 36.2.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Pexip Infinity
View allPexip Infinity before 8 uses the same SSH host keys across different customers' installations, which allows man-in-the-m
Pexip Infinity before 14.2 allows remote attackers to cause a denial of service (service restart) or execute arbitrary c
Pexip Reverse Proxy and TURN Server before 6.1.0 has Incorrect UDP Access Control via TURN. Rated critical severity (CVS
Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via One Touch Join. Rated high severity (
Pexip Infinity before 27.3 allows remote attackers to trigger a software abort, and possibly enumerate usernames, via On
Pexip Infinity before 35.0 has improper input validation that allows remote attackers to trigger a denial of service (so
Pexip Infinity before 31.2 has Improper Input Validation for RTCP, allowing remote attackers to trigger an abort. Rated
Pexip Infinity before 31.2 has Improper Input Validation for signalling, allowing remote attackers to trigger an abort.
Pexip Infinity before 28.1 allows remote attackers to trigger a software abort via G.719. Rated high severity (CVSS 7.5)
Pexip Infinity 27 before 28.0 allows remote attackers to trigger excessive resource consumption and termination because
Pexip Infinity before 27.3 allows remote attackers to trigger excessive resource consumption via H.264. Rated high sever
Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via H.323. Rated high severity (CVSS 7.5)
Same weakness CWE-20 – Improper Input Validation
View allSame technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today