CVE-2025-49088

MEDIUM

Pexip Infinity < 37.2 - Reachable Assertion


Description

Pexip Infinity 32.0 through 37.1 before 37.2, in certain configurations of OTJ (One Touch Join) for Teams SIP Guest Join, has Improper Input Validation in the OTJ service, allowing a remote attacker to trigger a software abort via a crafted calendar invite, leading to a denial of service.

Scores

CVSS v3: 5.9
EPSS: 0.0025
EPSS Percentile: 48.1%
Attack Vector: NETWORK
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation: none
Automatable: no
Technical Impact: partial

Details

CWE: CWE-617
Status: published
Products (1): pexip/pexip_infinity 32.0 - 37.2
Published: Dec 25, 2025
Tracked Since: Feb 18, 2026