CVE-2025-49088 MEDIUM

CVE-2025-49088

Vendor Pexip
Product Infinity
Weakness CWE-617
Published December 25, 2025
Last update December 26, 2025

CVSS base score

5.9/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction None
Confidentiality None
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

What the vulnerability does

01Description

Pexip Infinity 32.0 through 37.1 before 37.2, in certain configurations of OTJ (One Touch Join) for Teams SIP Guest Join, has Improper Input Validation in the OTJ service, allowing a remote attacker to trigger a software abort via a crafted calendar invite, leading to a denial of service.

Key dates

02Disclosure timeline

December 25, 2025 CVE published
December 26, 2025 Record updated