CVE-2025-59683

Name of the Vulnerable Software and Affected Versions Pexip Infinity versions 15.0 through 38.0

Description The Pexip Infinity software contains an issue with Improper Access Control in the Secure Scheduler for Exchange service when used with Office 365 Legacy Exchange Tokens. This allows a remote attacker to read potentially sensitive data and excessively consume resources, potentially leading to a denial of service. The issue is actively exploited.

Recommendations Update to Pexip Infinity version 38.1 or later.