Pexip Issues Urgent Security Update to Address Critical Vulnerabilities

Summary: Pexip has issued a security bulletin highlighting critical vulnerabilities in its Infinity platform, including a severe heap-based buffer overflow and two denial-of-service vulnerabilities. While the critical vulnerability poses high risk, its exploitation requires operating system access to the affected nodes, lowering the overall risk assessment. Users are urged to upgrade to version 37.0 and ensure restricted access to mitigate these vulnerabilities.

Affected: Pexip Infinity platform

Key points:

  • CVE-2024-12084: Critical heap-based buffer overflow in the rsync daemon, CVSS score of 9.8.
  • Denial-of-service vulnerabilities (CVE-2025-32095 and CVE-2025-30080) capable of triggering a software abort, both with a CVSS score of 7.5.
  • Mitigation involves upgrading to Pexip Infinity v37.0 and ensuring only trusted users have OS access.

Source: https://securityonline.info/pexip-issues-urgent-security-update-to-address-critical-vulnerabilities/