Pexip Infinity Improper Access Control Vulnerability in Secure Scheduler for Exchange Service

Vulnerability

A vulnerability exists in Pexip Infinity versions 15.0 through 38.0 prior to 38.1, specifically within the Secure Scheduler for Exchange service when used with Office 365 Legacy Exchange Tokens. This vulnerability allows remote attackers to read potentially sensitive data and excessively consume resources, leading to a denial-of-service condition.

Impact

Exploitation of this vulnerability could result in unauthorized access to sensitive data and resource exhaustion, causing a denial-of-service condition.

Remediation

Users running Pexip Infinity Version 37.1 or newer should ensure that all Secure Scheduler for Exchange integrations are using an 'Add-in authentication token type' of 'SSO Token' or 'NAA (Nested App Authentication) Token'. For versions prior to 37.1, upgrading to Pexip Infinity v38.1 is recommended.

Added: Dec 25, 2025, 5:19 AM
Updated: Dec 25, 2025, 5:19 AM

Vulnerability Rating

Custom Algorithm
spread: 2.2
impact: 5.0
exploitability: 7.6
remediation: 8.3
relevance: 1.7
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.