CVE-2025-34330
The CVE-2025-34330 entry affects AudioCodes Fax Server and Auto-Attendant IVR appliances up to version 2.6.23. A web admin component (F2MAdmin) exposes an unauthenticated endpoint at AudioCodes_files/utils/IVR/diagram/ajaxPromptUploadFile.php that accepts uploaded files and writes them into C:\F2...