CVE-2025-69217
Unknown Unknown - Not Provided
Predictable Nonces and Ports in coturn Enable Authentication Bypass

Publication date: 2025-12-30

Last updated on: 2025-12-30

Assigner: GitHub, Inc.

Description
coturn is a free open source implementation of TURN and STUN Server. Versions 4.6.2r5 through 4.7.0-r4 have a bad random number generator for nonces and port randomization after refactoring. Additionally, random numbers aren't generated with openssl's RAND_bytes but libc's random() (if it's not running on Windows). When fetching about 50 sequential nonces (i.e., through sending 50 unauthenticated allocations requests) it is possible to completely reconstruct the current state of the random number generator, thereby predicting the next nonce. This allows authentication while spoofing IPs. An attacker can send authenticated messages without ever receiving the responses, including the nonce (requires knowledge of the credentials, which is e.g., often the case in IoT settings). Since the port randomization is deterministic given the pseudorandom seed, an attacker can exactly reconstruct the ports and, hence predict the randomization of the ports. If an attacker allocates a relay port, they know the current port, and they are able to predict the next relay port (at least if it is not used before). Commit 11fc465f4bba70bb0ad8aae17d6c4a63a29917d9 contains a fix.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-30
Last Modified
2025-12-30
Generated
2026-06-16
AI Q&A
2025-12-30
EPSS Evaluated
2026-06-15
NVD
CVE-2025-69217
EUVD
EUVD-2025-205680
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
coturn coturn 4.6.2r5
coturn coturn 4.7.0-r4
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-338 The product uses a Pseudo-Random Number Generator (PRNG) in a security context, but the PRNG's algorithm is not cryptographically strong.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability affects coturn versions 4.6.2r5 through 4.7.0-r4, where the random number generator used for nonces and port randomization is weak. Instead of using OpenSSL's secure RAND_bytes, it uses libc's random(), which can be predicted. By observing about 50 sequential nonces through unauthenticated allocation requests, an attacker can reconstruct the random number generator's state and predict future nonces. This allows the attacker to authenticate while spoofing IP addresses and send authenticated messages without receiving responses. Additionally, port randomization is deterministic and can be predicted, enabling attackers to know current and future relay ports.

Impact Analysis

The vulnerability allows attackers to predict authentication nonces and relay ports, enabling them to spoof IP addresses and send authenticated messages without proper responses. This can lead to unauthorized access or misuse of the TURN/STUN server, potentially disrupting services or allowing attackers to bypass security controls that rely on nonce unpredictability and port randomization.

Mitigation Strategies

Update coturn to a version that includes the fix for this vulnerability, specifically a version that contains commit 11fc465f4bba70bb0ad8aae17d6c4a63a29917d9 or later.

Detection Guidance

This vulnerability can be detected by monitoring for predictable or sequential nonce values and relay port allocations in coturn server traffic. Since the weakness allows an attacker to reconstruct the random number generator state by capturing about 50 sequential nonces through unauthenticated allocation requests, you can attempt to send multiple unauthenticated allocation requests to the coturn server and analyze the returned nonces for predictability or patterns. Commands to perform this detection might involve using STUN/TURN client tools or custom scripts to send multiple allocation requests and capture nonce values. For example, using a TURN client or tools like 'turnutils_uclient' (part of coturn) to send repeated allocation requests and log the nonces. Then, analyze the sequence of nonces for predictability or linearity, which indicates the vulnerability. Additionally, monitoring relay port assignments for predictable increments or patterns can help detect the vulnerability. However, no specific detection commands are provided in the resources. [2]

Compliance Impact

The provided resources do not contain information regarding the impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-69217. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart