CVE-2025-34335 — HIGH (8.8)

Q: How severe is CVE-2025-34335?

CVE-2025-34335 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2025-34335?

Check the references section above for vendor advisories and patch information. Affected products include: Audiocodes Fax Server, Audiocodes Interactive Voice Response.

Vulnerability Description

AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23 expose an authenticated command injection vulnerability in the license activation workflow handled by AudioCodes_files/ActivateLicense.php. When a license file is uploaded, the application derives a new filename by combining a generated base name with the attacker-controlled extension portion of the original upload name, then constructs a command line for fax_server_lic_cmdline.exe that includes this path. The extension value is incorporated into the command string without input validation, escaping, or proper argument quotation before being passed to exec(). An authenticated user with access to the license upload interface can supply a specially crafted filename whose extension injects additional shell metacharacters, causing arbitrary commands to be executed as NT AUTHORITY\\SYSTEM.

CVSS Score

8.8

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Audiocodes	Fax Server	<= 2.6.23
Audiocodes	Interactive Voice Response	< 2.6.23

Related Weaknesses (CWE)

CWE-78

References

https://pierrekim.github.io/advisories/2025-audiocodes-fax-ivr.txtExploitThird Party Advisory
https://pierrekim.github.io/blog/2025-11-20-audiocodes-fax-ivr-8-vulnerabilitiesExploitThird Party Advisory
https://www.audiocodes.com/media/g1in2u2o/0548-product-notice-end-of-service-forProduct
https://www.vulncheck.com/advisories/audiocodes-fax-ivr-appliance-authenticated-Third Party Advisory

FAQ

What is CVE-2025-34335?

CVE-2025-34335 is a vulnerability with a CVSS score of 8.8 (HIGH). AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23 expose an authenticated command injection vulnerability in the license activation workflow handled by AudioC...

How severe is CVE-2025-34335?

CVE-2025-34335 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-34335?

Check the references section above for vendor advisories and patch information. Affected products include: Audiocodes Fax Server, Audiocodes Interactive Voice Response.