Focus on pexip vulnerabilities and metrics.
Last updated: 08 Mar 2025, 23:25 UTC
This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with pexip. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.
For a broader perspective on cybersecurity threats, explore the comprehensive list of CVEs by vendor and product. Stay updated on critical vulnerabilities affecting major software and hardware providers.
Total pexip CVEs: 35
Earliest CVE date: 03 Feb 2015, 16:59 UTC
Latest CVE date: 25 Dec 2023, 06:15 UTC
Latest CVE reference: CVE-2023-37225
30-day Count (Rolling): 0
365-day Count (Rolling): 0
Calendar-based Variation
Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.
Month Variation (Calendar): 0%
Year Variation (Calendar): -100.0%
Month Growth Rate (30-day Rolling): 0.0%
Year Growth Rate (365-day Rolling): -100.0%
Average CVSS: 5.15
Max CVSS: 9.3
Critical CVEs (≥9): 3
| Range | Count |
|---|---|
| 0.0-3.9 | 4 |
| 4.0-6.9 | 23 |
| 7.0-8.9 | 5 |
| 9.0-10.0 | 3 |
These are the five CVEs with the highest CVSS scores for pexip, sorted by severity first and recency.
Pexip Infinity before 32 allows Webapp1 XSS via preconfigured links.
Pexip Infinity before 31.2 has Improper Input Validation for RTCP, allowing remote attackers to trigger an abort.
Pexip Infinity before 31.2 has Improper Input Validation for signalling, allowing remote attackers to trigger an abort.
Pexip Infinity before 28.1 allows remote attackers to trigger a software abort via G.719.
Pexip Infinity 27 before 28.0 allows remote attackers to trigger excessive resource consumption and termination because of registrar resource mishandling.
Pexip Infinity before 27.3 allows remote attackers to trigger excessive resource consumption via H.264.
Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via H.323.
Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via Epic Telehealth.
Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via HTTP.
Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via One Touch Join.
Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via One Touch Join.
Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via the Session Initiation Protocol.
Pexip Infinity 27.x before 27.3 allows remote attackers to trigger a software abort via single-sign-on if a random Universally Unique Identifier is guessed.
Pexip Infinity 27.x before 27.3 allows remote attackers to trigger a software abort via HTTP.
Pexip Infinity 27.x before 27.3 allows remote attackers to trigger a software abort via the Session Initiation Protocol.
Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via One Touch Join.
Pexip Infinity before 27.3 allows remote attackers to trigger a software abort, and possibly enumerate usernames, via One Touch Join.
Pexip Infinity 27.x before 27.3 has Improper Input Validation. The client API allows remote attackers to trigger a software abort via a gateway call into Teams.
Pexip Infinity before 27.3 allows remote attackers to force a software abort via HTTP.
Pexip Infinity 27.x before 27.2 has Improper Access Control. An attacker can sometimes join a conference (call join) if it has a lock but not a PIN.
Pexip Infinity before 27.0 has improper WebRTC input validation. An unauthenticated remote attacker can use excessive resources, temporarily causing denial of service.
Pexip Infinity 25.x before 25.4 has Improper Input Validation, and thus an unauthenticated remote attacker can cause a denial of service via the administrative web interface.
Pexip Infinity 22.x through 24.x before 24.2 has Improper Input Validation for call setup. An unauthenticated remote attacker can trigger a software abort (temporary loss of service).
Pexip Infinity before 24.1 has Improper Input Validation, leading to temporary denial of service via SIP.
Pexip Infinity before 23.4 has a lack of input validation, leading to temporary denial of service via H.323.
Pexip Infinity 23.x before 23.3 has improper input validation, leading to a temporary software abort via RTP.
Pexip Reverse Proxy and TURN Server before 6.1.0 has Incorrect UDP Access Control via TURN.
Pexip Infinity before 20.1 allows privilege escalation by restoring a system backup.
Pexip Infinity before 20.1 allows Code Injection onto nodes via an admin.
Pexip Infinity before 18 allows remote Denial of Service (XML parsing).
Pexip Infinity before 18 allows Remote Denial of Service (TLS handshakes in RTMP).
Pexip Infinity before 17 allows an unauthenticated remote attacker to achieve stored XSS via management web interface views.
The client API authentication mechanism in Pexip Infinity before 10 allows remote attackers to gain privileges via a crafted request.
Pexip Infinity before 14.2 allows remote attackers to cause a denial of service (service restart) or execute arbitrary code via vectors related to Conferencing Nodes.
Pexip Infinity before 8 uses the same SSH host keys across different customers' installations, which allows man-in-the-middle attackers to spoof Management and Conferencing Nodes by leveraging these keys.