Improper Access Control in Pexip Infinity Product by Pexip
CVE-2025-59683

8.2HIGH

Key Information:

Vendor: Pexip
Status: Infinity
Vendor: CVE Published:; 25 December 2025

What is CVE-2025-59683?

Pexip Infinity versions 15.0 to 38.0 prior to 38.1 are susceptible to improper access control due to vulnerabilities in the Secure Scheduler for Exchange service. Specifically, when utilizing Office 365 Legacy Exchange Tokens, remote attackers can gain unauthorized access to sensitive data and can exploit this weakness to consume system resources excessively. This exploitation may lead to service disruptions or denial of service, impacting usability and security for end users.

Affected Version(s)

Infinity 15.0 < 38.1

References

https://docs.pexip.com/admin/security_bulletins.htm

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 25, 2025
Vulnerability Reserved
Sep 18, 2025

JSON