CVE-2025-32106: n/a
In Audiocodes Mediapack MP-11x through 6.60A.369.002, a crafted POST request may result in an unauthenticated remote user's ability to execute unauthorized code.
AI Analysis
Technical Summary
CVE-2025-32106 is a critical remote code execution (RCE) vulnerability affecting Audiocodes Mediapack MP-11x devices running firmware version 6.60A.369.002 or earlier. The vulnerability arises from improper handling of crafted HTTP POST requests, allowing an unauthenticated remote attacker to execute arbitrary code on the affected device. This is classified under CWE-94, which corresponds to improper control of code generation or execution, indicating that the device fails to properly validate or sanitize input before executing it. The vulnerability has a CVSS v3.1 base score of 9.8, reflecting its critical severity with network attack vector (AV:N), low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), and impacts on confidentiality, integrity, and availability (C:H/I:H/A:H). Exploitation does not require authentication or user interaction, making it highly exploitable remotely. Although no known exploits are currently reported in the wild, the nature of the vulnerability and the critical CVSS score suggest that exploitation could lead to full system compromise, including unauthorized access, data theft, service disruption, or pivoting within the network. Audiocodes Mediapack MP-11x devices are typically used in enterprise VoIP and telephony infrastructures, meaning that successful exploitation could disrupt critical communication services and expose sensitive voice and network data.
Potential Impact
For European organizations, the impact of this vulnerability could be severe, especially for enterprises and service providers relying on Audiocodes Mediapack MP-11x devices for their telephony and unified communications infrastructure. Successful exploitation could lead to unauthorized access to internal networks, interception or manipulation of voice communications, disruption of telephony services, and potential lateral movement to other critical systems. This could affect sectors such as finance, healthcare, government, and telecommunications, where secure and reliable voice communications are essential. Additionally, compromised devices could be used as footholds for broader cyber espionage or ransomware campaigns targeting European entities. The lack of authentication requirement and ease of exploitation increase the risk of widespread attacks, potentially impacting business continuity and regulatory compliance with data protection laws such as GDPR.
Mitigation Recommendations
1. Immediate patching: Organizations should monitor Audiocodes' official channels for firmware updates addressing CVE-2025-32106 and apply patches as soon as they become available.
2. Network segmentation: Isolate Audiocodes Mediapack devices from general network traffic, placing them in dedicated VLANs with strict access controls to limit exposure.
3. Access restrictions: Implement firewall rules to restrict inbound HTTP POST requests to trusted management networks only, blocking unsolicited traffic from untrusted sources.
4. Intrusion detection and prevention: Deploy network-based IDS/IPS solutions configured to detect anomalous HTTP POST requests targeting Audiocodes devices.
5. Device hardening: Disable unnecessary services and interfaces on the Mediapack devices to reduce the attack surface.
6. Monitoring and logging: Enable detailed logging on affected devices and monitor for unusual activity or signs of exploitation.
7. Incident response readiness: Prepare incident response plans specifically addressing potential exploitation of telephony infrastructure vulnerabilities.
8. Vendor engagement: Engage with Audiocodes support for guidance and to confirm the availability of patches or workarounds.
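Items 3 and 6 can be checked against proxy or firewall logs. The following is an added example, not code from Audiocodes or from this advisory: it flags HTTP POST requests sent to gateway management addresses from outside the trusted management network. The log format, IP addresses, paths, and all names are constructed assumptions.

```python
import ipaddress
import re

# Constructed values (assumptions): documentation-range IPs, a simple log format.
MGMT_NETS = [ipaddress.ip_network("192.0.2.0/28")]   # trusted management subnet
GATEWAYS = {ipaddress.ip_address("198.51.100.10"),   # gateway management IPs
            ipaddress.ip_address("198.51.100.11")}

# Assumed line format: <timestamp> <src_ip> <dst_ip> <method> <path> <status>
LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<src>\S+) (?P<dst>\S+) "
                     r"(?P<method>[A-Z]+) (?P<path>\S+) (?P<status>\d{3})$")

# Constructed sample log, not captured from a real device.
SAMPLE_LOG = """\
2025-06-03T10:00:01Z 192.0.2.5 198.51.100.10 POST /example 200
2025-06-03T10:00:07Z 203.0.113.44 198.51.100.10 GET / 200
2025-06-03T10:01:12Z 203.0.113.44 198.51.100.10 POST /example 200
2025-06-03T10:02:30Z 203.0.113.80 198.51.100.20 POST /example 200
not a log line
2025-06-03T10:03:02Z 203.0.113.91 198.51.100.11 POST /example 403
"""


def untrusted_posts(log_text):
    """Return POSTs addressed to a gateway from a source outside MGMT_NETS."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines instead of aborting the scan
        try:
            src = ipaddress.ip_address(m["src"])
            dst = ipaddress.ip_address(m["dst"])
        except ValueError:
            continue  # field matched the pattern but is not a valid IP
        if m["method"] != "POST" or dst not in GATEWAYS:
            continue
        if any(src in net for net in MGMT_NETS):
            continue  # management-network traffic is expected
        hits.append({"ts": m["ts"], "src": str(src), "dst": str(dst),
                     "path": m["path"], "status": int(m["status"])})
    return hits


if __name__ == "__main__":
    for hit in untrusted_posts(SAMPLE_LOG):
        print(hit)
```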
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Sweden, Belgium
Technical Details
- Data Version: 5.1
- Assigner Short Name: mitre
- Date Reserved: 2025-04-04T00:00:00.000Z
- Cvss Version: null
- State: PUBLISHED
Threat ID: 683f22b8182aa0cae2839b84
Added to database: 6/3/2025, 4:28:40 PM
Last enriched: 7/11/2025, 6:19:04 AM
Last updated: 8/12/2025, 11:12:33 AM