CVE-2026-25994

CRITICAL

pjsip < 2.16 - Buffer Overflow in PJNATH ICE Session via Long Username

Title source: llm

Exploitation Summary

EIP tracks 3 public exploits for CVE-2026-25994. PoCs published by vabismo452, adminlove520, VABISMO.

AI-analyzed exploit summary: This is a functional exploit for CVE-2026-25994, a heap buffer overflow in PJPROJECT's PJNATH ICE session handling. The PoC sends a crafted SIP INVITE with an oversized 'ice-ufrag' attribute to trigger a stack overflow in pj_ice_sess_create_check_list().

Description

PJSIP is a free and open source multimedia communication library written in C. In 2.16 and earlier, a buffer overflow vulnerability exists in PJNATH ICE Session when processing credentials with excessively long usernames.

Exploits (3)

exploitdb WORKING POC
by vabismo452 · python · webapps · multiple
https://www.exploit-db.com/exploits/52561

This is a functional exploit for CVE-2026-25994, a heap buffer overflow in PJPROJECT's PJNATH ICE session handling. The PoC sends a crafted SIP INVITE with an oversized 'ice-ufrag' attribute to trigger a stack overflow in pj_ice_sess_create_check_list().

Classification: Working PoC 95%
Attack Type: DoS
Complexity: Moderate
Reliability: Reliable
Target: PJPROJECT (pjsip) <= 2.16
No auth needed
Prerequisites: Target running pjsip with ICE enabled · Network access to SIP port (default 5060)
devstral-2 · analyzed May 15, 2026

github WORKING POC 3 stars
by adminlove520 · python · poc
https://github.com/adminlove520/CVE-Poc_All_in_One/tree/main/2026/CVE-2026-25994

This repository contains a functional exploit PoC for CVE-2026-25994, a stack-based buffer overflow in the PJNATH ICE implementation of pjsip ≤ 2.16. The exploit sends a crafted SIP INVITE with an oversized ice-ufrag to trigger the overflow, with detailed technical analysis and a reliable crash mechanism.

Classification: Working PoC 100%
Attack Type: DoS
Complexity: Moderate
Reliability: Reliable
Target: pjsip ≤ 2.16
No auth needed
Prerequisites: Network access to the target SIP server · Target running pjsip with ICE enabled
devstral-2 · analyzed May 04, 2026

nomisec WORKING POC 1 star
by VABISMO · poc
https://github.com/VABISMO/cve-2026-25994_PJSIP

This repository contains a functional exploit PoC for CVE-2026-25994, a stack-based buffer overflow in the PJNATH ICE implementation of pjsip ≤ 2.16. The exploit sends a crafted SIP INVITE with an oversized ice-ufrag to trigger the overflow, demonstrating the vulnerability.

Classification: Working PoC 100%
Attack Type: DoS
Complexity: Moderate
Reliability: Reliable
Target: pjsip ≤ 2.16
No auth needed
Prerequisites: Target running pjsip with ICE enabled
devstral-2 · analyzed Apr 09, 2026

Scores

CVSS v3 9.8
EPSS 0.0193
EPSS Percentile 77.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact total

Details

CWE
CWE-120
Status published
Products (1)
pjsip/pjsip < 2.16
Published Feb 11, 2026
Tracked Since Feb 18, 2026