CVE-2025-34328

216.73.216.6

· Published 19/11/2025 17:15 · Modified 12/12/2025 16:10

Labels: CVE-2025-34328 2025-11-19 CVE-2025-34328 CWE-434 [email protected]

Essential information

Published: 19/11/2025 17:15
Modified: 12/12/2025 16:10
Author: —
Creator: —
CVSS: 9.3 CRITICAL (v3) 9.3 CRITICAL (v4.0)
CISA KEV: No
CWE: —
CVSS vector: —

CVSS metrics

Description

AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23 include a web administration component (F2MAdmin) that exposes an unauthenticated script-management endpoint at AudioCodes_files/utils/IVR/diagram/ajaxScript.php. The saveScript action writes attacker-supplied data directly to a server-side file path under the privileges of the web service account, which runs as NT AUTHORITY\\SYSTEM on Windows deployments. A remote, unauthenticated attacker can write arbitrary files into the product’s web-accessible directory structure and subsequently execute them.

NVD status

Status: Analyzed — CVE has had analysis completed and all data associations made.
Source: [email protected]
NVD: View on NVD

Affected products (CPE)

Product	CPE
audiocodes / fax server	`cpe:2.3:a:audiocodes:fax_server::::::::`
audiocodes / interactive voice response	`cpe:2.3:a:audiocodes:interactive_voice_response::::::::`