Main Vulnerability Database SB2026010712

SB2026010712 - Usage of weak PRNG in coTURN

Published: January 7, 2026

Security Bulletin ID SB2026010712

Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) (CVE-ID: CVE-2025-69217)

The vulnerability allows a remote attacker to perform spoofing attack.

The vulnerability exists due to usage of bad random number generator for nonces and port randomization after refactoring. A remote attacker can send 50 unauthenticated allocations requests and completely reconstruct the current state of the random number generator, leading to spoofing. authentication bypass and denial of service.

Remediation

Install update from vendor's website.

References

https://github.com/coturn/coturn/releases/tag/4.8.0
https://github.com/coturn/coturn/commit/11fc465f4bba70bb0ad8aae17d6c4a63a29917d9
https://github.com/coturn/coturn/commit/88ced471385869d7e7fbbc4766e78ef521b36af6
https://github.com/coturn/coturn/security/advisories/GHSA-fvj6-9jhg-9j84