Unrated severityNVD Advisory· Published Nov 19, 2025· Updated Nov 20, 2025

AudioCodes Fax/IVR Appliance <= 2.6.23 World-Writable Webroot LPE

CVE-2025-34333

Description

AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23 configure the web document root at C:\\F2MAdmin\\F2E with overly permissive file system permissions. Authenticated local users have modify rights on this directory, while the associated web server process runs as NT AUTHORITY\\SYSTEM. As a result, any local user can create or alter server-side scripts within the webroot and then trigger them via HTTP requests, causing arbitrary code to execute with SYSTEM privileges.

Affected products

AudioCodes/Fax Server and Auto Server and IVR appliancesllm-create
Range: <= 2.6.23
AudioCodes Limited/AudioCodes Fax/IVR Appliancev5
Range: 0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

pierrekim.github.io/advisories/2025-audiocodes-fax-ivr.txtmitretechnical-descriptionexploit
pierrekim.github.io/blog/2025-11-20-audiocodes-fax-ivr-8-vulnerabilities.htmlmitretechnical-descriptionexploit
www.audiocodes.com/media/g1in2u2o/0548-product-notice-end-of-service-for-audiocodes-auto-attendant-ivr-solution.pdfmitrevendor-advisorypatchmitigation
www.vulncheck.com/advisories/audiocodes-fax-ivr-appliance-world-writable-webroot-lpemitrethird-party-advisory

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000