vulnerability in iotex-core project

While working on the iotex-core project, we discovered a critical vulnerability in the Go package Pion Interceptor(this dependency used by iotex-core), tracked as [CVE-2025-49140](https://vulert.com/vuln-db/CVE-2025-49140). This vulnerability affects versions v0.1.36 through v0.1.38 and allows an attacker to remotely crash applications using Pion-based SFU (Selective Forwarding Unit) implementations. 
 
[CVE Link](https://vulert.com/vuln-db/CVE-2025-49140)
[CVE Report](https://vulert.com/vuln-scan/list/ab5daa33-bf9d-4347-87cd-3159f3750f6b?sort_order=desc&sort_by=created_at)

  


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

vulnerability in iotex-core project #4651

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

vulnerability in iotex-core project #4651

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions