CVE-2025-53399

In Sipwise rtpengine before 13.4.1.1, an origin-validation error in the endpoint-learning logic of the media-relay core can allow remote attackers to inject or intercept RTP/SRTP streams via RTP packets. The issue is mitigated in 13.4.1.1 by changing the heuristic exposure to the first five packe...

PT-2025-31511 · Rtpengine +1 · Rtpengine +1

Name of the Vulnerable Software and Affected Versions: rtpengine versions through mr13.3.1.4 Description: rtpengine is susceptible to RTP injection and media redirection, potentially leading to a denial-of-service DoS condition. RTP bleed allows an attacker to redirect a victim’s media, such as...