Lucene search
+L

CVE-2025-34334

🗓️ 19 Nov 2025 16:23:47Reported by VulnCheckType 
cve
 cve
🔗 web.nvd.nist.gov👁 21 Views🌐 WEB

CVE-2025-34334: Authenticated command injection in AudioCodes Fax/IVR up to 2.6.23 via TestFax.php enabling SYSTEM access.

Related
Detection
Affected
Refs
Paths
ReporterTitlePublishedViews
Family
circl
CVE-2025-34334
19 Nov 202517:30
circl
cnnvd
AudioCodes Fax Server 安全漏洞
19 Nov 202500:00
cnnvd
cvelist
CVE-2025-34334 AudioCodes Fax/IVR Appliance <= 2.6.23 Authenticated Command Injection via TestFax.php & LPE
19 Nov 202516:23
cvelist
euvd
EUVD-2025-198195
19 Nov 202516:23
euvd
nvd
CVE-2025-34334
19 Nov 202517:15
nvd
osv
CVE-2025-34334
19 Nov 202517:15
osv
packetstorm
📄 AudioCodes Fax/IVR Appliance 2.6.23 File Upload / Code Execution / Privilege Escalation
20 Nov 202500:00
packetstorm
packetstormnews
AudioCodes Fax/IVR Appliance 2.6.23 Scanner
21 Nov 202500:00
packetstormnews
ptsecurity
PT-2025-47483
19 Nov 202500:00
ptsecurity
redhatcve
CVE-2025-34334
20 Nov 202521:36
redhatcve
Rows per page
NVD
Vulners
CNA
[
  {
    "defaultStatus": "unknown",
    "product": "AudioCodes Fax/IVR Appliance",
    "vendor": "AudioCodes Limited",
    "versions": [
      {
        "lessThanOrEqual": "2.6.23",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  }
]
ParameterPositionPathDescriptionCWE
nameupload dataAudioCodes_files/utils/IVR/diagram/ajaxScript.phpPost-authenticated command injection via unsanitized input in file_write path, enabling writing attacker-controlled web shells and executing commands as SYSTEM.CWE-78
valueupload dataAudioCodes_files/utils/IVR/diagram/ajaxScript.phpPost-authenticated command injection via unsanitized input in file_write path, enabling writing attacker-controlled web shells and executing commands as SYSTEM.CWE-78
fileToUploadupload dataAudioCodes_files/ajaxBackupUploadFile.phpPre-authentication file upload that can write arbitrary files to privileged directories, enabling further exploitation.CWE-78
fileToUploadupload dataAudioCodes_files/utils/IVR/diagram/ajaxPromptUploadFile.phpPre-authenticated file upload vulnerability allowing arbitrary file uploads to critical directories.CWE-78
baseDirquery paramAudioCodes_files/download.phpPre-authenticated file read vulnerability exposing sensitive backups: potential data exposure.CWE-78
fquery paramAudioCodes_files/download.phpPre-authenticated file read vulnerability exposing sensitive backups: potential data exposure.CWE-78
uploadedfileupload dataF2MAdmin/F2E/AudioCodes_files/ActivateLicense.phpPost-authenticated file upload leading to command execution through unsanitized filename handling.CWE-78
methodquery param / path/f2mw-service-api/?method=runBatch&fileName=tmp_1754486471_37.batPost-authenticated command injection via runBatch service executing crafted batch files with SYSTEM privileges.CWE-78
fileNamequery param / path/f2mw-service-api/?method=runBatch&fileName=tmp_1754486471_37.batPost-authenticated command injection via runBatch service executing crafted batch files with SYSTEM privileges.CWE-78

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

17 Jun 2026 09:13Current
7High risk
Vulners AI Score7
CVSS 3.18.8
CVSS 48.7
EPSS0.03188
SSVC
21