CVE-2025-34335
AudioCodes Fax Server and Auto-Attendant IVR appliances up to version 2.6.23 are affected by an authenticated command injection in the license activation workflow (ActivateLicense.php). An authenticated user uploading a license file can craft the file name’s extension to inject shell metacharacte...