CNNVD-202508-007 Information
CNNVD ID
CNNVD-202508-007
Related CVE
- CNNVD Published: 2025-08-01
Description (Chinese)
rtpengine是Sipwise开源的一个媒体代理软件。 rtpengine 13.4.1.1之前版本存在访问控制错误漏洞,该漏洞源于端点学习逻辑存在源验证错误,可能导致RTP/SRTP媒体流注入或拦截。
Description (English)
Rtpingine is an open source media agent software. Before version 13.4.1.1, there was a bug in access control, which stemmed from a source-validation error in end-point learning logic that could lead to TRP/SRTP media stream injection or interception.
Hazard Level
High
Vulnerability Type
访问控制错误
Affected Vendor
Sipwise
Published
2025-08-01
Last Modified
2026-02-24
References
https://github.com/EnableSecurity/advisories/tree/master/ES2025-01-rtpengine-improper-behavior-bleed-inject https://github.com/sipwise/rtpengine/commits/rfuchs/security/ https://github.com/sipwise/rtpengine/releases/tag/mr13.4.1.1 https://www.openwall.com/lists/oss-security/2025/07/31/1 https://access.redhat.com/security/cve/cve-2025-53399
Patch
https://github.com/sipwise/rtpengine/releases
Share on: