Description
AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23 expose an unauthenticated backup upload endpoint at AudioCodes_files/ajaxBackupUploadFile.php in the F2MAdmin web interface. The script derives a backup folder path from application configuration, creates the directory if it does not exist, and then moves an uploaded file to that location using the attacker-controlled filename, without any authentication, authorization, or file-type validation. On default Windows deployments where the backup directory resolves to the system drive, a remote attacker can upload web server or interpreter configuration files that cause a log file or other server-controlled resource to be treated as executable code. This allows subsequent HTTP requests to trigger arbitrary command execution under the web server account, which runs as NT AUTHORITY\\SYSTEM.
INFO
Published Date :
2025-11-19T16:23:09.072Z
Last Modified :
2025-11-20T15:21:16.647Z
Source :
VulnCheck
AFFECTED PRODUCTS
The following products are affected by CVE-2025-34329 vulnerability.
| Vendors | Products |
|---|---|
| Audiocodes |
|
REFERENCES
Here, you will find a curated list of external links that provide in-depth information to CVE-2025-34329.
