{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-23T22:02:15.824","vulnerabilities":[{"cve":{"id":"CVE-2025-53399","sourceIdentifier":"cve@mitre.org","published":"2025-08-01T04:16:16.683","lastModified":"2026-06-17T09:38:08.653","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"In Sipwise rtpengine before 13.4.1.1, an origin-validation error in the endpoint-learning logic of the media-relay core allows remote attackers to inject or intercept RTP/SRTP media streams via RTP packets (except when the relay is configured for strict source and learning disabled). Version 13.4.1.1 fixes the heuristic mode by limiting exposure to the first five packets, and introduces a recrypt flag that fully prevents SRTP attacks when both mitigations are enabled."},{"lang":"es","value":"En Sipwise rtpengine anterior a la versión 13.4.1.1, un error de validación de origen en la lógica de aprendizaje de endpoints del núcleo de retransmisión de medios permite a atacantes remotos inyectar o interceptar flujos de medios RTP/SRTP mediante paquetes RTP (excepto cuando la retransmisión está configurada con origen estricto y el aprendizaje está deshabilitado). La versión 13.4.1.1 corrige el modo heurístico limitando la exposición a los primeros cinco paquetes e introduce un indicador de recifrado que previene completamente los ataques SRTP cuando ambas mitigaciones están habilitadas."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"Sipwise","product":"rtpengine","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"13.4.1.1","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cve@mitre.org","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"LOW","subIntegrityImpact":"LOW","subAvailabilityImpact":"LOW","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2025-08-01T17:48:09.336462Z","id":"CVE-2025-53399","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cve@mitre.org","type":"Secondary","description":[{"lang":"en","value":"CWE-346"}]}],"references":[{"url":"https://github.com/EnableSecurity/advisories/tree/master/ES2025-01-rtpengine-improper-behavior-bleed-inject","source":"cve@mitre.org"},{"url":"https://github.com/sipwise/rtpengine/commits/rfuchs/security/","source":"cve@mitre.org"},{"url":"https://github.com/sipwise/rtpengine/releases/tag/mr13.4.1.1","source":"cve@mitre.org"},{"url":"https://www.openwall.com/lists/oss-security/2025/07/31/1","source":"cve@mitre.org"},{"url":"http://seclists.org/fulldisclosure/2025/Aug/1","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.openwall.com/lists/oss-security/2025/07/31/1","source":"af854a3a-2127-422b-91ae-364da2661108"}]}}]}