Vulnerability Details CVE-2025-66377
Pexip Infinity before 39.0 has Missing Authentication for a Critical Function in a product-internal API, allowing an attacker (who already has access to execute code on one node within a Pexip Infinity installation) to impact the operation of other nodes within the installation.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 8.1%
CVSS Severity
CVSS v3 Score 7.5
Products affected by CVE-2025-66377
-
cpe:2.3:a:pexip:pexip_infinity:10
-
cpe:2.3:a:pexip:pexip_infinity:10.1
-
cpe:2.3:a:pexip:pexip_infinity:10.2
-
cpe:2.3:a:pexip:pexip_infinity:11
-
cpe:2.3:a:pexip:pexip_infinity:11.1
-
cpe:2.3:a:pexip:pexip_infinity:12
-
cpe:2.3:a:pexip:pexip_infinity:12.1
-
cpe:2.3:a:pexip:pexip_infinity:12.2
-
cpe:2.3:a:pexip:pexip_infinity:13
-
cpe:2.3:a:pexip:pexip_infinity:14
-
cpe:2.3:a:pexip:pexip_infinity:14.1
-
cpe:2.3:a:pexip:pexip_infinity:14.2
-
cpe:2.3:a:pexip:pexip_infinity:15
-
cpe:2.3:a:pexip:pexip_infinity:15.1
-
cpe:2.3:a:pexip:pexip_infinity:16
-
cpe:2.3:a:pexip:pexip_infinity:16.1
-
cpe:2.3:a:pexip:pexip_infinity:16.2
-
cpe:2.3:a:pexip:pexip_infinity:17
-
cpe:2.3:a:pexip:pexip_infinity:17.1
-
cpe:2.3:a:pexip:pexip_infinity:17.2
-
cpe:2.3:a:pexip:pexip_infinity:17.3
-
cpe:2.3:a:pexip:pexip_infinity:18
-
cpe:2.3:a:pexip:pexip_infinity:19
-
cpe:2.3:a:pexip:pexip_infinity:20
-
cpe:2.3:a:pexip:pexip_infinity:20.1
-
cpe:2.3:a:pexip:pexip_infinity:21
-
cpe:2.3:a:pexip:pexip_infinity:21.1
-
cpe:2.3:a:pexip:pexip_infinity:21.2
-
cpe:2.3:a:pexip:pexip_infinity:22
-
cpe:2.3:a:pexip:pexip_infinity:22.1
-
cpe:2.3:a:pexip:pexip_infinity:22.2
-
cpe:2.3:a:pexip:pexip_infinity:22.3
-
cpe:2.3:a:pexip:pexip_infinity:23
-
cpe:2.3:a:pexip:pexip_infinity:23.1
-
cpe:2.3:a:pexip:pexip_infinity:23.2
-
cpe:2.3:a:pexip:pexip_infinity:23.3
-
cpe:2.3:a:pexip:pexip_infinity:23.4
-
cpe:2.3:a:pexip:pexip_infinity:24.1
-
cpe:2.3:a:pexip:pexip_infinity:25.0
-
cpe:2.3:a:pexip:pexip_infinity:25.3
-
cpe:2.3:a:pexip:pexip_infinity:25.4
-
cpe:2.3:a:pexip:pexip_infinity:26.0
-
cpe:2.3:a:pexip:pexip_infinity:26.1
-
cpe:2.3:a:pexip:pexip_infinity:26.2
-
cpe:2.3:a:pexip:pexip_infinity:27.0
-
cpe:2.3:a:pexip:pexip_infinity:27.1
-
cpe:2.3:a:pexip:pexip_infinity:27.2
-
cpe:2.3:a:pexip:pexip_infinity:27.3
-
cpe:2.3:a:pexip:pexip_infinity:28.0
-
cpe:2.3:a:pexip:pexip_infinity:28.1
-
cpe:2.3:a:pexip:pexip_infinity:29.0
-
cpe:2.3:a:pexip:pexip_infinity:29.1
-
cpe:2.3:a:pexip:pexip_infinity:30.0
-
cpe:2.3:a:pexip:pexip_infinity:30.1
-
cpe:2.3:a:pexip:pexip_infinity:31.2
-
cpe:2.3:a:pexip:pexip_infinity:32.0
-
cpe:2.3:a:pexip:pexip_infinity:33.0
-
cpe:2.3:a:pexip:pexip_infinity:34.0
-
cpe:2.3:a:pexip:pexip_infinity:34.1
-
cpe:2.3:a:pexip:pexip_infinity:34.2
-
cpe:2.3:a:pexip:pexip_infinity:35.0
-
cpe:2.3:a:pexip:pexip_infinity:35.1
-
cpe:2.3:a:pexip:pexip_infinity:36.0
-
cpe:2.3:a:pexip:pexip_infinity:36.1
-
cpe:2.3:a:pexip:pexip_infinity:36.2
-
cpe:2.3:a:pexip:pexip_infinity:37.0
-
cpe:2.3:a:pexip:pexip_infinity:37.1
-
cpe:2.3:a:pexip:pexip_infinity:37.2
-
cpe:2.3:a:pexip:pexip_infinity:38.0
-
cpe:2.3:a:pexip:pexip_infinity:38.1
-
cpe:2.3:a:pexip:pexip_infinity:7.0
-
cpe:2.3:a:pexip:pexip_infinity:9