← Voltar para CVEs
CVE-2025-59683
HIGH8.2
Descricao
Pexip Infinity 15.0 through 38.0 before 38.1 has Improper Access Control in the Secure Scheduler for Exchange service, when used with Office 365 Legacy Exchange Tokens. This allows a remote attacker to read potentially sensitive data and excessively consume resources, leading to a denial of service.
Detalhes CVE
Pontuacao CVSS v3.18.2
SeveridadeHIGH
Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
Vetor de ataqueNETWORK
ComplexidadeLOW
Privilegios necessariosNONE
Interacao do usuarioNONE
Publicado12/25/2025
Ultima modificacao1/5/2026
Fontenvd
Avistamentos honeypot0
Produtos afetados
pexip:pexip_infinity
Fraquezas (CWE)
CWE-863
Referencias
https://docs.pexip.com/admin/security_bulletins.htm(cve@mitre.org)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.