Home

Description

Pexip Infinity before 39.0 has Missing Authentication for a Critical Function in a product-internal API, allowing an attacker (who already has access to execute code on one node within a Pexip Infinity installation) to impact the operation of other nodes within the installation.

PUBLISHED Reserved 2025-11-28 | Published 2025-12-25 | Updated 2025-12-25 | Assigner mitre




HIGH: 7.5CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Problem types

CWE-306 Missing Authentication for Critical Function

Product status

Default status
unaffected

Any version before 39.0
affected

References

docs.pexip.com/admin/security_bulletins.htm

cve.org (CVE-2025-66377)

nvd.nist.gov (CVE-2025-66377)

Download JSON

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.