
CVE-2025-32105: n/a

Critical
Tags: Vulnerability, CVE-2025-32105, cve, cve-2025-32105
Published: Tue Jun 03 2025 (06/03/2025, 00:00:00 UTC)
Source: CVE Database V5
Vendor/Project: n/a
Product: n/a

Description

A buffer overflow in the Sangoma IMG2020 HTTP server through 2.3.9.6 allows an unauthenticated user to achieve remote code execution.

AI-Powered Analysis

Last updated: 07/11/2025, 06:17:55 UTC

Technical Analysis

CVE-2025-32105 is a critical buffer overflow vulnerability identified in the HTTP server component of the Sangoma IMG2020 device, specifically affecting versions up to 2.3.9.6. This vulnerability allows an unauthenticated attacker to remotely execute arbitrary code on the affected device. The root cause is a classic buffer overflow (CWE-120), where insufficient bounds checking on input data leads to memory corruption. Because the vulnerability is exploitable over the network without requiring any authentication or user interaction, it presents a severe risk. The attacker can send specially crafted HTTP requests to the IMG2020's HTTP server, triggering the overflow and gaining control over the device. The CVSS v3.1 base score is 9.8, indicating critical severity with high impact on confidentiality, integrity, and availability. The vulnerability affects the core telephony gateway device used in enterprise and service provider environments for voice and data communications. No patches or mitigations are currently listed, and no known exploits have been reported in the wild yet, but the ease of exploitation and critical impact make it a high-priority issue for affected organizations.

Potential Impact

For European organizations, the impact of this vulnerability can be substantial. The Sangoma IMG2020 is commonly deployed in telecommunications infrastructure, enterprise voice gateways, and unified communications environments. Successful exploitation can lead to full compromise of the device, allowing attackers to intercept, manipulate, or disrupt voice and data traffic. This can result in loss of confidentiality of sensitive communications, disruption of critical business operations, and potential lateral movement into internal networks. Given the device's role in telephony infrastructure, availability impacts could cause significant operational downtime and service degradation. Additionally, compromised devices could be leveraged as footholds for broader attacks or as part of botnets. European organizations relying on Sangoma IMG2020 devices in sectors such as finance, government, healthcare, and critical infrastructure are particularly at risk due to the sensitive nature of their communications and regulatory requirements around data protection and service continuity.

Mitigation Recommendations

Immediate mitigation steps include isolating affected IMG2020 devices from untrusted networks to reduce exposure. Network segmentation should be enforced to limit access to the HTTP management interface strictly to trusted administrators. Organizations should monitor network traffic for anomalous HTTP requests targeting the IMG2020 devices. Since no official patches are currently available, consider deploying Web Application Firewalls (WAFs) or Intrusion Prevention Systems (IPS) with custom rules to detect and block exploit attempts targeting this buffer overflow. Vendors and users should prioritize obtaining and applying any forthcoming firmware updates or patches from Sangoma as soon as they are released. Additionally, organizations should conduct thorough audits of their telephony infrastructure to identify all IMG2020 devices and assess exposure. Implementing strict access controls, multi-factor authentication for management interfaces, and regular security assessments will help reduce risk. Finally, prepare incident response plans specific to telephony infrastructure compromise scenarios.
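The access restriction and request monitoring recommended above can be prototyped as a pre-filter before being translated into WAF or IPS rules. The following Python sketch is an added example, not Sangoma or vendor code; the advisory does not say which part of the request overflows, so the admin subnet, the size ceilings and the function name `inspect_request` are all assumptions to tune against normal management traffic.

```python
import ipaddress

# Assumed values, not from the advisory: admin subnet and size ceilings.
ADMIN_NETS = [ipaddress.ip_network("10.20.0.0/28")]
MAX_REQUEST_LINE, MAX_HEADER_LINE, MAX_HEADERS, MAX_BODY = 2048, 4096, 64, 65536

def inspect_request(src_ip, raw):
    """Return sorted reasons to alert on or block; an empty list means pass."""
    reasons = set()
    if not any(ipaddress.ip_address(src_ip) in net for net in ADMIN_NETS):
        reasons.add("source-not-admin")
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        reasons.add("unterminated-headers")
    lines = head.split(b"\r\n")
    if len(lines[0]) > MAX_REQUEST_LINE:
        reasons.add("request-line-too-long")
    if len(lines[0].split(b" ")) != 3:
        reasons.add("malformed-request-line")
    if len(lines) - 1 > MAX_HEADERS:
        reasons.add("too-many-headers")
    declared = None
    for header in lines[1:]:
        if len(header) > MAX_HEADER_LINE:
            reasons.add("header-too-long")
        name, colon, value = header.partition(b":")
        value = value.strip()
        if not colon:
            reasons.add("malformed-header")
        elif name.strip().lower() == b"content-length":
            if value.isdigit() and len(value) <= 10:
                declared = int(value)
            else:
                reasons.add("bad-content-length")
    if len(body) > MAX_BODY or (declared or 0) > MAX_BODY:
        reasons.add("body-too-large")
    if declared is not None and declared != len(body):
        reasons.add("content-length-mismatch")
    return sorted(reasons)

# Constructed sample requests (benign filler, not taken from real traffic).
NORMAL = b"GET /index.html HTTP/1.1\r\nHost: gateway.example\r\n\r\n"
OVERSIZED = b"GET / HTTP/1.1\r\nHost: gateway.example\r\nX-Filler: " + b"a" * 5000 + b"\r\n\r\n"

if __name__ == "__main__":
    for label, src, raw in (("admin-normal", "10.20.0.5", NORMAL),
                            ("outside-normal", "203.0.113.9", NORMAL),
                            ("admin-oversized", "10.20.0.5", OVERSIZED)):
        print(label, inspect_request(src, raw) or "pass")
```

The content-length check assumes the whole request was captured; a body that arrives in later segments will trip it until the capture is reassembled.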


Technical Details

Data Version: 5.1
Assigner Short Name: mitre
Date Reserved: 2025-04-04T00:00:00.000Z
Cvss Version: null
State: PUBLISHED

Threat ID: 683f22b8182aa0cae2839b82

Added to database: 6/3/2025, 4:28:40 PM

Last enriched: 7/11/2025, 6:17:55 AM

Last updated: 8/1/2025, 3:35:56 AM
