sst / sst

Build full-stack apps on your own infrastructure.
https://sst.dev
MIT License

vulnerability in sst project #5881

Open ankitdn opened 1 month ago

ankitdn commented 1 month ago

While working on the sst project, we discovered a critical vulnerability in the Go package Pion Interceptor (this dependency is used by sst), tracked as CVE-2025-49140. This vulnerability affects versions v0.1.36 through v0.1.38 and allows an attacker to remotely crash applications using Pion-based SFU (Selective Forwarding Unit) implementations.

CVE Link CVE Report
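
A way to check a `go.mod` for the version range named in the report above. This is an added example, not part of the issue or of the sst code base. The import path `github.com/pion/interceptor` and the sample `go.mod` are assumptions constructed for illustration.

```go
package main

import (
	"bufio"
	"fmt"
	"regexp"
	"strconv"
	"strings"
)

// Assumed import path of Pion Interceptor; the issue names the package only.
const modulePath = "github.com/pion/interceptor"

// Matches "require <path> vX.Y.Z" and bare "<path> vX.Y.Z" lines inside a require block.
var requireRe = regexp.MustCompile(`^\s*(?:require\s+)?(\S+)\s+v(\d+)\.(\d+)\.(\d+)`)

// FindAffected returns the versions of modulePath required by the given go.mod text
// that fall in the affected range. Replace directives are not evaluated.
func FindAffected(goMod string) []string {
	var hits []string
	sc := bufio.NewScanner(strings.NewReader(goMod))
	for sc.Scan() {
		line, _, _ := strings.Cut(sc.Text(), "//") // drop "// indirect" and other comments
		m := requireRe.FindStringSubmatch(line)
		if m == nil || m[1] != modulePath {
			continue
		}
		patch, _ := strconv.Atoi(m[4])
		// Affected range stated in the issue: v0.1.36 through v0.1.38.
		if m[2] == "0" && m[3] == "1" && patch >= 36 && patch <= 38 {
			hits = append(hits, "v0.1."+m[4])
		}
	}
	return hits
}

// Constructed sample go.mod, not taken from the sst repository.
const sampleGoMod = `module example.com/app

require (
	github.com/pion/interceptor v0.1.37 // indirect
	example.com/other v1.2.3
)
`

func main() {
	fmt.Println("affected versions required:", FindAffected(sampleGoMod))
}
```

`go list -m github.com/pion/interceptor` reports the version the build actually resolves, which can differ from what a single require line declares.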