PT-2025-31511 · Rtpengine+1
Sandro Gauci · Published 2025-07-31 · Updated 2025-08-01 · CVE-2025-53399
CVSS v4.0: 6.9 (Medium)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Name of the Vulnerable Software and Affected Versions
rtpengine versions through mr13.3.1.4
Description
rtpengine is susceptible to RTP injection and media redirection, potentially leading to a denial-of-service (DoS) condition. RTP bleed allows an attacker to redirect a victim’s media, such as audio, to a host controlled by the attacker. RTP inject enables attackers to insert arbitrary RTP packets into active calls.
Recommendations
Versions prior to mr13.3.2 should be updated.
Fix
DoS
Origin Validation Error
Affected Products
Debian
Rtpengine