Description

In Sipwise rtpengine before 13.4.1.1, an origin-validation error in the endpoint-learning logic of the media-relay core allows remote attackers to inject or intercept RTP/SRTP media streams via RTP packets (except when the relay is configured for strict source and learning disabled). Version 13.4.1.1 fixes the heuristic mode by limiting exposure to the first five packets, and introduces a recrypt flag that fully prevents SRTP attacks when both mitigations are enabled.

INFO

Published Date :

2025-08-01T00:00:00.000Z

Last Modified :

2025-11-04T22:06:44.119Z

Source :

mitre
AFFECTED PRODUCTS

The following products are affected by CVE-2025-53399 vulnerability.

Vendors Products
Sipwise
  • Rtpengine
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-53399.

URL Resource
http://seclists.org/fulldisclosure/2025/Aug/1 cve-icon
http://www.openwall.com/lists/oss-security/2025/07/31/1 cve-icon
https://github.com/EnableSecurity/advisories/tree/master/ES2025-01-rtpengine-improper-behavior-bleed-inject cve-icon cve-icon
https://github.com/sipwise/rtpengine/commits/rfuchs/security/ cve-icon cve-icon
https://github.com/sipwise/rtpengine/releases/tag/mr13.4.1.1 cve-icon cve-icon
https://www.openwall.com/lists/oss-security/2025/07/31/1 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability