CVE-2025-34333

7.8 HIGH

Published: November 19, 2025 Modified: December 11, 2025

Description

AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23 configure the web document root at C:\\F2MAdmin\\F2E with overly permissive file system permissions. Authenticated local users have modify rights on this directory, while the associated web server process runs as NT AUTHORITY\\SYSTEM. As a result, any local user can create or alter server-side scripts within the webroot and then trigger them via HTTP requests, causing arbitrary code to execute with SYSTEM privileges.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

CVSS v3.x Details

0.0 Low Medium High Critical 10.0

Vector String

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

https://pierrekim.github.io/advisories/2025-audiocodes-fax-ivr.txt

Source: disclosure@vulncheck.com

Exploit Third Party Advisory

https://pierrekim.github.io/blog/2025-11-20-audiocodes-fax-ivr-8-vulnerabilities.html

Source: disclosure@vulncheck.com

Exploit Third Party Advisory

https://www.audiocodes.com/media/g1in2u2o/0548-product-notice-end-of-service-for-audiocodes-auto-attendant-ivr-solution.pdf

Source: disclosure@vulncheck.com

Product

https://www.vulncheck.com/advisories/audiocodes-fax-ivr-appliance-world-writable-webroot-lpe

Source: disclosure@vulncheck.com

Third Party Advisory

4 reference(s) from NVD

Quick Stats

CVSS v3 Score

7.8 / 10.0

EPSS (Exploit Probability)

0.0%

8th percentile

Exploitation Status

Not in CISA KEV

Weaknesses (CWE)

CWE-276

Affected Vendors

audiocodes

Related CVEs

CVE-2025-52691 10.0

CVE-2025-15168 7.3

CVE-2025-15167 7.3

CVE-2025-15166 7.3

CVE-2025-15165 7.3