CVE-2025-34333
BaseFortify
Publication date: 2025-11-19
Last updated on: 2025-12-11
Assigner: VulnCheck
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| audiocodes | fax_server | up to and including 2.6.23 |
| audiocodes | interactive_voice_response | up to and including 2.6.23 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-276 | During installation, installed file permissions are set to allow anyone to modify those files. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in AudioCodes Fax Server and Auto-Attendant IVR appliances up to version 2.6.23, where the web document root directory is configured with overly permissive file system permissions. Authenticated local users have modify rights on this directory, while the web server process runs with SYSTEM privileges. This allows any local user to create or modify server-side scripts in the webroot and execute them via HTTP requests, resulting in arbitrary code execution with SYSTEM-level privileges.
How can this vulnerability impact me?
The vulnerability can allow an authenticated local user to execute arbitrary code with SYSTEM privileges on the affected device. This can lead to full control over the system, potentially allowing the attacker to manipulate data, disrupt services, or further compromise the network.
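A defender can audit for the condition described above by checking the webroot ACL for write-capable entries held by non-administrative principals. The following is an added example, not part of the original entry or any vendor tooling: it parses the text output of `icacls <path>`, and the path `C:\ExampleWebRoot`, the trusted-principal list and the sample output are constructed assumptions.

```python
import re

# Assumption: principals allowed to hold write access; adjust to site policy.
TRUSTED = {"nt authority\\system", "builtin\\administrators",
           "nt service\\trustedinstaller"}
# icacls rights that allow creating or changing files: full, modify, write,
# write-data/add-file, append-data/add-subdirectory, generic all/write.
WRITE_RIGHTS = {"F", "M", "W", "WD", "AD", "GA", "GW"}
ACE_RE = re.compile(r"^(?P<who>[^:]+):(?P<groups>(?:\([^)]*\))+)$")

# Constructed sample of `icacls C:\ExampleWebRoot` output (placeholder path).
SAMPLE_PATH = r"C:\ExampleWebRoot"
SAMPLE = r"""C:\ExampleWebRoot NT AUTHORITY\Authenticated Users:(OI)(CI)(M)
                  NT AUTHORITY\SYSTEM:(OI)(CI)(F)
                  BUILTIN\Administrators:(OI)(CI)(F)
                  BUILTIN\Users:(OI)(CI)(RX)

Successfully processed 1 files; Failed processing 0 files
"""


def writable_by_untrusted(icacls_output, path):
    """Return [(principal, rights)] for allow ACEs that let non-admins write."""
    findings = []
    for line in icacls_output.splitlines():
        line = line.strip()
        if line.lower().startswith(path.lower()):
            line = line[len(path):].strip()  # first line carries the path
        m = ACE_RE.match(line)
        if not m:
            continue  # blank line or the trailing status summary
        who = m.group("who").strip()
        groups = re.findall(r"\(([^)]*)\)", m.group("groups"))
        if "DENY" in groups or who.lower() in TRUSTED:
            continue  # deny ACEs grant nothing; trusted principals are expected
        # Last group holds the rights; earlier ones are flags like (I)(OI)(CI).
        hit = sorted(set(groups[-1].split(",")) & WRITE_RIGHTS)
        if hit:
            findings.append((who, hit))
    return findings


if __name__ == "__main__":
    print(writable_by_untrusted(SAMPLE, SAMPLE_PATH))
```

Any finding on a directory served by a process running as SYSTEM matches the CWE-276 condition in this entry; an empty list means only the trusted principals can write there.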