Pexip Infinity WebRTC Direct Media Denial-of-Service Vulnerability

Vulnerability

A denial-of-service vulnerability has been identified in Pexip Infinity versions 35.0 through 38.1 (all releases prior to 39.0). The issue affects only non-default configurations that enable Direct Media for WebRTC calls. Improper input validation in the signaling implementation allows an attacker to trigger a software abort, which temporarily disrupts service.

Impact

Exploitation of this vulnerability leads to a software abort, causing a temporary denial-of-service condition on the affected system.

Remediation

Users can upgrade to Pexip Infinity version 39.0 to address this vulnerability. For those using versions 35.0 to 38.1, Direct Media for WebRTC calls can be disabled on a per-conference basis by navigating to Services > Virtual Meeting Rooms, selecting the desired Virtual Meeting Room, and changing the Enable direct media option to Never.
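
The following triage helper is an added example, not code from Pexip or from this advisory. It takes a platform version and a list of Virtual Meeting Rooms and returns the rooms that still need the Enable direct media option set to Never. The inventory layout (the "name" and "enable_direct_media" keys) and the sample values other than "Never" are assumptions made for illustration.

```python
import re

# Release range taken from the advisory text: 35.0 up to, not including, 39.0.
FIRST_AFFECTED = (35, 0)
FIXED_IN = (39, 0)

# Constructed sample inventory; the keys and the non-"Never" values are assumptions.
SAMPLE_VMRS = [
    {"name": "all-hands", "enable_direct_media": "Never"},
    {"name": "support-desk", "enable_direct_media": "Best effort"},
    {"name": "board-room", "enable_direct_media": "Always"},
    {"name": "legacy-room"},  # setting missing from the export
]


def parse_version(text):
    """Return (major, minor) from strings such as '38.1', 'v36' or '38.1 (build 123)'."""
    match = re.match(r"\s*v?(\d+)(?:\.(\d+))?", text)
    if not match:
        raise ValueError(f"unrecognised version string: {text!r}")
    return int(match.group(1)), int(match.group(2) or 0)


def is_affected(version_text):
    """True when the release falls in the advisory's affected range."""
    return FIRST_AFFECTED <= parse_version(version_text) < FIXED_IN


def vmrs_needing_workaround(version_text, vmrs):
    """Names of VMRs on an affected release whose direct media option is not Never."""
    if not is_affected(version_text):
        return []
    flagged = []
    for vmr in vmrs:
        # A missing or unexpected value is flagged for review, not assumed safe.
        setting = str(vmr.get("enable_direct_media", "")).strip().lower()
        if setting != "never":
            flagged.append(vmr["name"])
    return sorted(flagged)


if __name__ == "__main__":
    for name in vmrs_needing_workaround("38.1", SAMPLE_VMRS):
        print(f"set 'Enable direct media' to Never: {name}")
```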

Added: Dec 25, 2025, 5:17 AM
Updated: Dec 25, 2025, 5:17 AM

Vulnerability Rating

Custom Algorithm
spread: 2.2
impact: 0.6
exploitability: 7.6
remediation: 8.3
relevance: 1.6
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.