CVE-2025-53399

In Sipwise rtpengine before 13.4.1.1, an origin-validation error in the endpoint-learning logic of the media-relay core allows remote attackers to inject or intercept RTP/SRTP media streams via RTP packets (except when the relay is configured for strict source and learning disabled). Version 13.4.1.1 fixes the heuristic mode by limiting exposure to the first five packets, and introduces a recrypt flag that fully prevents SRTP attacks when both mitigations are enabled.

CVSS

No CVSS.

References

Link	Resource
https://github.com/EnableSecurity/advisories/tree/master/ES2025-01-rtpengine-improper-behavior-bleed-inject
https://github.com/sipwise/rtpengine/commits/rfuchs/security/
https://github.com/sipwise/rtpengine/releases/tag/mr13.4.1.1
https://www.openwall.com/lists/oss-security/2025/07/31/1

Configurations

No configuration.

History

04 Aug 2025, 15:06

Type	Values Removed	Values Added
Summary		(es) En Sipwise rtpengine anterior a la versión 13.4.1.1, un error de validación de origen en la lógica de aprendizaje de endpoints del núcleo de retransmisión de medios permite a atacantes remotos inyectar o interceptar flujos de medios RTP/SRTP mediante paquetes RTP (excepto cuando la retransmisión está configurada con origen estricto y el aprendizaje está deshabilitado). La versión 13.4.1.1 corrige el modo heurístico limitando la exposición a los primeros cinco paquetes e introduce un indicador de recifrado que previene completamente los ataques SRTP cuando ambas mitigaciones están habilitadas.

01 Aug 2025, 04:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-08-01 04:16

Updated : 2025-08-04 15:06

NVD link : CVE-2025-53399

Mitre link : CVE-2025-53399

CVE.ORG link : CVE-2025-53399

JSON object : View

Products Affected

No product.

CWE

CWE-346

Origin Validation Error

{"id": "CVE-2025-53399", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "cve@mitre.org", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 6.9, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "LOW", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "LOW", "vulnAvailabilityImpact": "LOW", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "LOW", "vulnConfidentialityImpact": "NONE", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-08-01T04:16:16.683", "references": [{"url": "https://github.com/EnableSecurity/advisories/tree/master/ES2025-01-rtpengine-improper-behavior-bleed-inject", "source": "cve@mitre.org"}, {"url": "https://github.com/sipwise/rtpengine/commits/rfuchs/security/", "source": "cve@mitre.org"}, {"url": "https://github.com/sipwise/rtpengine/releases/tag/mr13.4.1.1", "source": "cve@mitre.org"}, {"url": "https://www.openwall.com/lists/oss-security/2025/07/31/1", "source": "cve@mitre.org"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "cve@mitre.org", "description": [{"lang": "en", "value": "CWE-346"}]}], "descriptions": [{"lang": "en", "value": "In Sipwise rtpengine before 13.4.1.1, an origin-validation error in the endpoint-learning logic of the media-relay core allows remote attackers to inject or intercept RTP/SRTP media streams via RTP packets (except when the relay is configured for strict source and learning disabled). Version 13.4.1.1 fixes the heuristic mode by limiting exposure to the first five packets, and introduces a recrypt flag that fully prevents SRTP attacks when both mitigations are enabled."}, {"lang": "es", "value": "En Sipwise rtpengine anterior a la versi\u00f3n 13.4.1.1, un error de validaci\u00f3n de origen en la l\u00f3gica de aprendizaje de endpoints del n\u00facleo de retransmisi\u00f3n de medios permite a atacantes remotos inyectar o interceptar flujos de medios RTP/SRTP mediante paquetes RTP (excepto cuando la retransmisi\u00f3n est\u00e1 configurada con origen estricto y el aprendizaje est\u00e1 deshabilitado). La versi\u00f3n 13.4.1.1 corrige el modo heur\u00edstico limitando la exposici\u00f3n a los primeros cinco paquetes e introduce un indicador de recifrado que previene completamente los ataques SRTP cuando ambas mitigaciones est\u00e1n habilitadas."}], "lastModified": "2025-08-04T15:06:15.833", "sourceIdentifier": "cve@mitre.org"}