PT-2025-47481 · Microsoft+1 · Windows+2

Pierre Barre · Published 2025-11-19 · Updated 2025-12-11

CVE-2025-34332
CVSS v4.0: 8.5 (High)
Vector: AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions: AudioCodes Fax Server and Auto-Attendant IVR appliances, versions up to and including 2.6.23

Description: The web administration component of the software controls Windows services using batch scripts located under C:F2MAdminF2EAudioCodes filesutilsServices (path separators lost in extraction). These scripts are invoked by PHP using the system() function under the NT AUTHORITY\SYSTEM account when certain service actions are requested through the ajaxPost.php endpoint. Overly permissive Access Control Lists (ACLs) allow any authenticated local user to modify the contents of these scripts. By replacing script contents with arbitrary commands, an attacker can achieve local privilege escalation when the modified script is executed as SYSTEM during service start or stop operations.

Recommendations: Versions prior to 2.6.23 should be used.
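The root cause is an ACL that lets low-privilege principals write to scripts that later run as SYSTEM. The following PowerShell audit is an added example, not code from AudioCodes or from this advisory: it walks the service-script directory and reports every Allow ACE that grants write, delete or permission-change rights to Everyone, Authenticated Users, BUILTIN\Users or Interactive. The $ScriptDir value is a placeholder; set it to the directory named above (the extracted path lost its backslashes, so it is not reproduced here).

```powershell
# Added audit example (not vendor or advisory code). Reports write-capable ACEs granted to
# low-privilege principals on the service-control scripts and on their parent directory.
# $ScriptDir is an assumed parameter: point it at the directory named in the advisory.
param(
    [string]$ScriptDir = 'C:\PLACEHOLDER\Services'
)

# Well-known low-privilege principals. A write-capable ACE for any of them lets every
# authenticated local user alter a script that is later executed as NT AUTHORITY\SYSTEM.
$LowPrivSids = @(
    'S-1-1-0',       # Everyone
    'S-1-5-11',      # Authenticated Users
    'S-1-5-32-545',  # BUILTIN\Users
    'S-1-5-4'        # Interactive
)

# Rights that allow changing a script's contents, replacing it, or loosening its ACL further.
$WriteMask = [System.Security.AccessControl.FileSystemRights]::WriteData -bor
             [System.Security.AccessControl.FileSystemRights]::AppendData -bor
             [System.Security.AccessControl.FileSystemRights]::Delete -bor
             [System.Security.AccessControl.FileSystemRights]::WriteAttributes -bor
             [System.Security.AccessControl.FileSystemRights]::ChangePermissions -bor
             [System.Security.AccessControl.FileSystemRights]::TakeOwnership

function Test-WritableByLowPriv {
    param([string]$Path)
    $acl = Get-Acl -LiteralPath $Path
    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        # Normalise the identity to a SID so localised group names do not matter.
        $sid = $ace.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]).Value
        if ($LowPrivSids -contains $sid -and (($ace.FileSystemRights -band $WriteMask) -ne 0)) {
            [pscustomobject]@{
                Path      = $Path
                Principal = $ace.IdentityReference.Value
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
            }
        }
    }
}

$findings = @()
# The directory itself matters too: WriteData (CreateFiles) or Delete on the folder
# lets a script be replaced even when the file's own ACL is tight.
$findings += Test-WritableByLowPriv -Path $ScriptDir
Get-ChildItem -LiteralPath $ScriptDir -File |
    Where-Object { $_.Extension -in '.bat', '.cmd' } |
    ForEach-Object { $findings += Test-WritableByLowPriv -Path $_.FullName }

if ($findings.Count -eq 0) {
    Write-Output "No write-capable ACEs for low-privilege principals found under $ScriptDir"
} else {
    $findings | Format-Table -AutoSize
}
```

Run it from an elevated prompt so Get-Acl can read every entry. Any row it prints is a script (or the folder holding it) that a standard user could rewrite before a service start or stop runs it as SYSTEM; the expected hardened state is that only Administrators and SYSTEM hold write rights there, with inheritance from a permissive parent broken. The same check can be scheduled after upgrades, since an installer may reapply the original ACLs.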

Exploit · Fix · LPE · Incorrect Default Permissions

Weakness Enumeration

Related Identifiers
CVE-2025-34332

Affected Products
AudioCodes Fax Server
Auto-Attendant IVR
Windows