PT-2025-47480 · Audiocodes · Audiocodes Fax Server+1

Pierre Barre

·

Published

2025-11-19

·

Updated

2025-11-19

·

CVE-2025-34331

CVSS v4.0

8.7

High

Vector AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions: AudioCodes Fax Server and Auto-Attendant IVR appliances, versions up to and including 2.6.23
Description: The software contains an unauthenticated file read vulnerability in the download.php script. The script exposes a file download mechanism without access control, so unauthenticated remote users can request files from the appliance by supplying their own path and filename parameters. The application restricts which file extensions may be downloaded, but sensitive backup archives still pass that filter and can be retrieved, potentially exposing internal databases and credential hashes. Exploitation may therefore disclose administrative password hashes and other sensitive configuration data. The vulnerable endpoint is /download.php; it selects the file to return from the filename and path request parameters.
Recommendations: Affected versions (up to and including 2.6.23) should be updated to a newer release.
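Before patching, a practitioner will usually want to know whether the endpoint has already been probed. The script below is an added example, not part of this advisory and not AudioCodes code: it triages web-server access log lines for requests to /download.php that carry the filename or path parameters named above, and raises the severity when the requested name has a backup-archive extension or contains a directory-traversal sequence. The combined log format, the list of archive extensions, and the traversal heuristic are assumptions (the advisory does not state that traversal is needed, only that attacker-supplied path and filename values are accepted); the sample log lines are constructed for this example.

```python
"""
Triage access-log lines for requests to the download.php endpoint
described in CVE-2025-34331 (AudioCodes Fax Server / Auto-Attendant IVR).

Added illustrative example; not AudioCodes code and not from the advisory.
Assumptions: logs are in Apache/nginx "combined" format, backup archives
use the extensions in ARCHIVE_EXTS, and SAMPLE_LOG below is constructed.
Only GET query strings are inspected; parameters sent in a POST body are
not present in a standard access log.
"""
import re
from dataclasses import dataclass
from typing import List, Optional
from urllib.parse import parse_qs, unquote, urlsplit

# Combined log format: src ident user [time] "METHOD target PROTO" status size ...
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

# Assumed extensions of the backup archives the advisory mentions.
ARCHIVE_EXTS = (".zip", ".tar", ".tar.gz", ".tgz", ".gz", ".bak", ".sql")


@dataclass
class Finding:
    src: str
    time: str
    status: str
    path_param: str
    filename_param: str
    severity: str           # "high" or "info"
    reasons: List[str]


def _has_traversal(value: str) -> bool:
    # parse_qs already decoded once; decode twice more so %252e%252e/ and
    # backslash variants are still recognised as a ".." path segment.
    decoded = unquote(unquote(value)).replace("\\", "/")
    return any(seg == ".." for seg in decoded.split("/"))


def triage_line(line: str) -> Optional[Finding]:
    """Return a Finding for a /download.php request with file parameters, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    url = urlsplit(m.group("target"))
    if url.path.rstrip("/").lower() != "/download.php":
        return None
    qs = parse_qs(url.query, keep_blank_values=True)
    path_param = qs.get("path", [""])[0]
    filename_param = qs.get("filename", [""])[0]
    if not path_param and not filename_param:
        return None  # endpoint hit without the file-selection parameters

    reasons = []
    if _has_traversal(path_param) or _has_traversal(filename_param):
        reasons.append("traversal sequence in path/filename")
    if unquote(filename_param).lower().endswith(ARCHIVE_EXTS):
        reasons.append("archive/backup extension requested")
    severity = "high" if reasons else "info"
    reasons.append(f"HTTP status {m.group('status')}")
    return Finding(
        src=m.group("src"), time=m.group("time"), status=m.group("status"),
        path_param=path_param, filename_param=filename_param,
        severity=severity, reasons=reasons,
    )


def triage(lines) -> List[Finding]:
    """Run triage_line over an iterable of log lines, keeping only hits."""
    return [f for f in map(triage_line, lines) if f is not None]


# Constructed sample log lines (not real appliance logs).
SAMPLE_LOG = [
    '203.0.113.5 - - [19/Nov/2025:10:01:02 +0000] "GET /download.php?path=..%2F..%2Fbackup&filename=backup.tar.gz HTTP/1.1" 200 48213 "-" "curl/8.4.0"',
    '198.51.100.7 - - [19/Nov/2025:10:02:10 +0000] "GET /download.php?path=faxes&filename=fax_0001.pdf HTTP/1.1" 200 10240 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [19/Nov/2025:10:03:44 +0000] "GET /index.php HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [19/Nov/2025:10:04:00 +0000] "GET /download.php?path=reports&filename=../../../config HTTP/1.1" 404 512 "-" "curl/8.4.0"',
]

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity}] {f.time} {f.src} path={f.path_param!r} "
              f"filename={f.filename_param!r}: {'; '.join(f.reasons)}")
```

Every request to the endpoint that names a file is reported, so that legitimate fax downloads from known client addresses can be distinguished from unauthenticated scanning; a high-severity hit with status 200 is the case to treat as a probable disclosure of the backup archive.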

Exploit

Fix

Weakness Enumeration

Missing Authentication

Related Identifiers

CVE-2025-34331

Affected Products

Audiocodes Fax Server
Auto-Attendant IVR