CVE-2025-34332— AudioCodes Fax/IVR Appliance <= 2.6.23 Insecure Service Control Scripts LPE
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2025-34332
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
AudioCodes Fax/IVR Appliance <= 2.6.23 Insecure Service Control Scripts LPE
Source: NVD (National Vulnerability Database)
Vulnerability Description
AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23 include a web administration component that controls back-end Windows services using helper batch scripts located under C:\\F2MAdmin\\F2E\\AudioCodes_files\\utils\\Services. When certain service actions are requested through ajaxPost.php, these scripts are invoked by PHP using system() under the NT AUTHORITY\\SYSTEM account. The batch files in this directory are writable by any authenticated local user due to overly permissive ACLs, allowing them to replace script contents with arbitrary commands. On the next service start/stop operation, the modified script is executed as SYSTEM, enabling elevation of local privileges.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
缺省权限不正确
Source: NVD (National Vulnerability Database)
Vulnerability Title
AudioCodes Fax Server 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
AudioCodes Fax Server是以色列AudioCodes公司的一个传真服务器。 AudioCodes Fax Server 2.6.23及之前版本存在安全漏洞,该漏洞源于可写的批处理脚本,可能导致本地权限提升。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| AudioCodes Limited | AudioCodes Fax/IVR Appliance | 0 ~ 2.6.23 | - |
II. Public POCs for CVE-2025-34332
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2025-34332
请登录查看更多情报信息。
Same Patch Batch · AudioCodes Limited · 2025-11-19 · 8 CVEs total
| CVE-2025-34334 | AudioCodes Fax/IVR Appliance <= 2.6.23 Authenticated Command Injection via TestFax.php & L | |
| CVE-2025-34335 | AudioCodes Fax/IVR Appliance <= 2.6.23 Authenticated Command Injection via ActivateLicense | |
| CVE-2025-34328 | AudioCodes Fax/IVR Appliance <= 2.6.23 Unauthenticated File Upload RCE via ajaxScript.php | |
| CVE-2025-34333 | AudioCodes Fax/IVR Appliance <= 2.6.23 World-Writable Webroot LPE | |
| CVE-2025-34331 | AudioCodes Fax/IVR Appliance <= 2.6.23 Unauthenticated File Read via download.php | |
| CVE-2025-34329 | AudioCodes Fax/IVR Appliance <= 2.6.23 Unauthenticated Backup Upload RCE via ajaxBackupUpl | |
| CVE-2025-34330 | AudioCodes Fax/IVR Appliance <= 2.6.23 Unauthenticated Prompt File Upload via ajaxPromptUp |
IV. Related Vulnerabilities
Same product: AudioCodes Fax/IVR Appliance
- CVE-2025-34335
AudioCodes Fax/IVR Appliance <= 2.6.23 Authenticated Command - CVE-2025-34334
AudioCodes Fax/IVR Appliance <= 2.6.23 Authenticated Command - CVE-2025-34329
AudioCodes Fax/IVR Appliance <= 2.6.23 Unauthenticated Backu - CVE-2025-34331
AudioCodes Fax/IVR Appliance <= 2.6.23 Unauthenticated File - CVE-2025-34328
AudioCodes Fax/IVR Appliance <= 2.6.23 Unauthenticated File
Same vendor: AudioCodes Limited
- CVE-2025-34335
AudioCodes Fax/IVR Appliance <= 2.6.23 Authenticated Command - CVE-2025-34334
AudioCodes Fax/IVR Appliance <= 2.6.23 Authenticated Command - CVE-2025-34329
AudioCodes Fax/IVR Appliance <= 2.6.23 Unauthenticated Backu - CVE-2025-34331
AudioCodes Fax/IVR Appliance <= 2.6.23 Unauthenticated File - CVE-2025-34328
AudioCodes Fax/IVR Appliance <= 2.6.23 Unauthenticated File
Same weakness: CWE-276
- CVE-2026-0539
Local Privilege Escalation in pcvisit service client - CVE-2026-6823
HKUDS OpenHarness Insecure Default Remote Channel Allowlist - CVE-2026-6819
HKUDS OpenHarness Plugin Management Command Exposure - CVE-2026-39454
SKYSEA Client View 安全漏洞 - CVE-2026-30811
Missing Authorization in Configuration Ajax Endpoint leads t
V. Comments for CVE-2025-34332
No comments yet