CVE-2025-34329
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-11-19

Last updated on: 2025-12-12

Assigner: VulnCheck

Description
AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23 expose an unauthenticated backup upload endpoint at AudioCodes_files/ajaxBackupUploadFile.php in the F2MAdmin web interface. The script derives a backup folder path from application configuration, creates the directory if it does not exist, and then moves an uploaded file to that location using the attacker-controlled filename, without any authentication, authorization, or file-type validation. On default Windows deployments where the backup directory resolves to the system drive, a remote attacker can upload web server or interpreter configuration files that cause a log file or other server-controlled resource to be treated as executable code. This allows subsequent HTTP requests to trigger arbitrary command execution under the web server account, which runs as NT AUTHORITY\\SYSTEM.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-11-19
Last Modified
2025-12-12
Generated
2026-06-16
AI Q&A
2025-11-19
EPSS Evaluated
2026-06-14
NVD
CVE-2025-34329
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
audiocodes fax_server to 2.6.23 (inc)
audiocodes interactive_voice_response to 2.6.23 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-434 The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in AudioCodes Fax Server and Auto-Attendant IVR appliances up to version 2.6.23. It involves an unauthenticated backup upload endpoint that allows an attacker to upload files without any authentication, authorization, or file-type validation. The uploaded files can be placed in a backup directory that, on default Windows deployments, resolves to the system drive. This enables an attacker to upload malicious files that can be executed by the web server, leading to arbitrary command execution with SYSTEM-level privileges.

Impact Analysis

An attacker can exploit this vulnerability to execute arbitrary commands on the affected system with the highest privileges (NT AUTHORITY\SYSTEM). This can lead to full system compromise, unauthorized access to sensitive data, disruption of services, and potential further attacks within the network.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-34329. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart