CVE-2025-34333

Published 19/11/2025 17:15 · Modified 11/12/2025 21:18

Labels: CVE-2025-34333, 2025-11-19, CWE-276, [email protected]

Essential information

Published: 19/11/2025 17:15
Modified: 11/12/2025 21:18
Author:
Creator:
CVSS: 8.5 HIGH (v3), 8.5 HIGH (v4.0)
CISA KEV: No
CWE:
CVSS vector:

Description

AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23 configure the web document root at C:\F2MAdmin\F2E with overly permissive file system permissions. Authenticated local users have modify rights on this directory, while the associated web server process runs as NT AUTHORITY\SYSTEM. As a result, any local user can create or alter server-side scripts within the webroot and then trigger them via HTTP requests, causing arbitrary code to execute with SYSTEM privileges.

NVD status

Status: Analyzed (CVE has had analysis completed and all data associations made).
Source: [email protected]

Affected products (CPE)

Product | CPE
audiocodes / fax server | cpe:2.3:a:audiocodes:fax_server:*:*:*:*:*:*:*:*
audiocodes / interactive voice response | cpe:2.3:a:audiocodes:interactive_voice_response:*:*:*:*:*:*:*:*

References