PT-2025-47479 · Audiocodes · Audiocodes Fax Server+1

Pierre Barre · Published 2025-11-19 · Updated 2025-11-19 · CVE-2025-34330

CVSS v4.0: 6.9 Medium

Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions: AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23

Description: The web administration component (F2MAdmin) includes an unauthenticated prompt upload endpoint at /AudioCodes files/utils/IVR/diagram/ajaxPromptUploadFile.php. This script accepts uploaded files and writes them to the C:\F2MAdmin\tmp directory using a filename derived from application constants, without authentication, authorization, or file-type validation. An unauthenticated remote attacker can upload or overwrite prompt- or music-on-hold–related files, potentially tampering with IVR audio content or preparing files for further attacks.

Recommendations: Versions prior to 2.6.23 should be updated.

Weakness Enumeration: Unrestricted File Upload

Related Identifiers: CVE-2025-34330

Affected Products: Audiocodes Fax Server, Auto-Attendant Ivr