CVE-2025-59683

EPSS 0.29%
Veröffentlicht 25.12.2025 00:00:00
Zuletzt bearbeitet 05.01.2026 19:07:06
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Pexip Infinity 15.0 through 38.0 before 38.1 has Improper Access Control in the Secure Scheduler for Exchange service, when used with Office 365 Legacy Exchange Tokens. This allows a remote attacker to read potentially sensitive data and excessively consume resources, leading to a denial of service.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

NVD 1 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Pexip ≫ Pexip Infinity Version >= 15 < 38.1

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.29%	0.199

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.1	3.9	5.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
cve@mitre.org	8.2	3.9	4.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

CWE-863 Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

https://docs.pexip.com/admin/security_bulletins.htm

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-59683

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-59683

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-59683

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-59683