CVE-2025-32096

7.5 HIGH

📋 TL;DR

Pexip Infinity versions 33.0 through 37.0 have improper input validation in signaling that allows attackers to trigger a software abort, causing denial of service. This affects all deployments running vulnerable versions of Pexip Infinity video conferencing platform.

💻 Affected Systems

Products:
  • Pexip Infinity
Versions: 33.0 through 37.0 (before 37.1)
Operating Systems: Linux-based appliance OS
Default Config Vulnerable: ⚠️ Yes
Notes: All deployments with signaling enabled are vulnerable; no special configuration required.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete service disruption of Pexip Infinity conferencing services, affecting all active meetings and connections.

🟠

Likely Case

Targeted DoS attacks causing service interruptions for specific conferences or system components.

🟢

If Mitigated

Minimal impact with proper network segmentation and monitoring to detect and block attack attempts.

🌐 Internet-Facing: HIGH - Signaling interfaces are typically exposed to handle conference connections.
🏢 Internal Only: MEDIUM - Internal attackers could still disrupt services affecting organizational communications.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

CWE-617 (Reachable Assertion) suggests relatively straightforward exploitation: malformed signaling input reaches an internal assertion and aborts the service.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 37.1 or later

Vendor Advisory: https://docs.pexip.com/admin/security_bulletins.htm

Restart Required: Yes

Instructions:

1. Backup current configuration.
2. Download Pexip Infinity 37.1+ from vendor portal.
3. Apply update via management interface.
4. Restart services as prompted.
5. Verify functionality post-update.

🔧 Temporary Workarounds

Network segmentation

Restrict access to signaling ports to trusted networks only (Linux iptables; replace the placeholders with your signaling port and trusted network range):

# Order matters: the ACCEPT rule for the trusted network must precede the catch-all DROP.
# Repeat the pair for every signaling port and protocol in use (e.g. UDP as well as TCP).
iptables -A INPUT -p tcp --dport <signaling_port> -s <trusted_network> -j ACCEPT
iptables -A INPUT -p tcp --dport <signaling_port> -j DROP

🧯 If You Can't Patch

  • Implement strict network ACLs to limit signaling traffic to trusted sources only
  • Deploy WAF or IPS with rules to detect malformed signaling patterns

🔍 How to Verify

Check if Vulnerable:

Check Pexip Infinity version via management interface: Admin > System > About

Check Version:

ssh admin@pexip-host 'show version' or check web interface

Verify Fix Applied:

Confirm version is 37.1 or higher and monitor for abnormal service restarts

📡 Detection & Monitoring

Log Indicators:

  • Unexpected service restarts
  • Abnormal signaling message patterns
  • Increased error rates in signaling logs

Network Indicators:

  • Spike in malformed SIP/H.323 packets
  • Unusual traffic to signaling ports from untrusted sources

SIEM Query:

source="pexip" AND (event_type="service_restart" OR error_code="signaling_error")
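The log indicators and SIEM query above can be turned into a small detector. The following is an added example, not Pexip code or output: it assumes a key="value" log format with the field names used in the SIEM query (source, event_type, error_code), which is an assumption, and the sample lines are constructed. It flags a burst of signaling errors inside a short window, every Pexip service restart, and the combination of both, which is the pattern a reachable-assertion abort would leave behind.

```python
"""Detect the log indicators listed above: unexpected service restarts and
a rising rate of signaling errors.  Added example, not Pexip code; the
key="value" log format and field names are assumptions modelled on the
SIEM query, and SAMPLE_LOGS is constructed."""
import re
from collections import deque
from datetime import datetime, timedelta, timezone

# Constructed sample log lines (not real Pexip output).
SAMPLE_LOGS = """\
2025-06-01T10:00:00Z source="pexip" event_type="call_setup" error_code="none"
2025-06-01T10:00:05Z source="pexip" event_type="signaling" error_code="signaling_error"
2025-06-01T10:00:07Z source="pexip" event_type="signaling" error_code="signaling_error"
2025-06-01T10:00:09Z source="pexip" event_type="signaling" error_code="signaling_error"
2025-06-01T10:00:10Z source="pexip" event_type="service_restart" error_code="none"
2025-06-01T10:30:00Z source="other" event_type="service_restart" error_code="none"
2025-06-01T11:00:00Z source="pexip" event_type="call_setup" error_code="none"
"""

KV_RE = re.compile(r'(\w+)="([^"]*)"')


def parse_line(line):
    """Parse '<ISO timestamp> key="value" ...' into a dict, or None if malformed."""
    parts = line.strip().split(" ", 1)
    if len(parts) != 2:
        return None
    try:
        ts = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    except ValueError:
        return None
    rec = dict(KV_RE.findall(parts[1]))
    rec["ts"] = ts
    return rec


def matches_siem_query(rec):
    """Same predicate as the SIEM query on the page:
    source="pexip" AND (event_type="service_restart" OR error_code="signaling_error")."""
    return rec.get("source") == "pexip" and (
        rec.get("event_type") == "service_restart"
        or rec.get("error_code") == "signaling_error"
    )


def detect(lines, window=timedelta(seconds=60), threshold=3):
    """Return a list of (timestamp, alert_type) tuples.

    - signaling_error_burst: `threshold` signaling errors within `window`
    - service_restart: any Pexip service restart (the abort itself)
    - restart_after_signaling_errors: a restart preceded by errors in `window`,
      the sequence a reachable-assertion abort on malformed input would produce
    """
    alerts = []
    recent_errors = deque()  # timestamps of signaling errors inside the window
    for line in lines:
        rec = parse_line(line)
        if rec is None or not matches_siem_query(rec):
            continue
        ts = rec["ts"]
        # Slide the window forward: drop errors older than `window`.
        while recent_errors and ts - recent_errors[0] > window:
            recent_errors.popleft()
        if rec.get("error_code") == "signaling_error":
            recent_errors.append(ts)
            if len(recent_errors) == threshold:  # alert once when the burst is reached
                alerts.append((ts.isoformat(), "signaling_error_burst"))
        if rec.get("event_type") == "service_restart":
            alerts.append((ts.isoformat(), "service_restart"))
            if recent_errors:
                alerts.append((ts.isoformat(), "restart_after_signaling_errors"))
    return alerts


if __name__ == "__main__":
    for when, kind in detect(SAMPLE_LOGS.splitlines()):
        print(when, kind)
```

The restart from source="other" is ignored because it fails the SIEM predicate; tune `window` and `threshold` to the normal signaling error rate of your deployment so that ordinary call failures do not trip the burst alert.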

🔗 References
