CVE-2025-34328

Name of the Vulnerable Software and Affected Versions AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23

Description The web administration component (F2MAdmin) includes an unauthenticated script-management endpoint at /AudioCodes files/utils/IVR/diagram/ajaxScript.php. The saveScript action within this endpoint allows writing attacker-supplied data directly to a file path on the server, running with NT AUTHORITYSYSTEM privileges on Windows. This enables a remote, unauthenticated attacker to write arbitrary files into the product’s web-accessible directory structure and subsequently execute them.

Recommendations Versions prior to 2.6.23 should be updated.