CVE-2025-34330: CWE-434 Unrestricted Upload of File with Dangerous Type in AudioCodes Limited AudioCodes Fax/IVR Appliance

Severity: Medium
Published: Wed Nov 19 2025 (11/19/2025, 16:22:02 UTC)
Source: CVE Database V5
Vendor/Project: AudioCodes Limited
Product: AudioCodes Fax/IVR Appliance

Description

AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23 include a web administration component (F2MAdmin) that exposes an unauthenticated prompt upload endpoint at AudioCodes_files/utils/IVR/diagram/ajaxPromptUploadFile.php. The script accepts an uploaded file and writes it into the C:\F2MAdmin\tmp directory using a filename derived from application constants, without any authentication, authorization, or file-type validation. A remote, unauthenticated attacker can upload or overwrite prompt- or music-on-hold-related files in this directory, potentially leading to tampering with IVR audio content or preparing files for use in further attacks.

AI-Powered Analysis

AI analysis last updated: 11/19/2025, 16:54:29 UTC

Technical Analysis

CVE-2025-34330 is a vulnerability classified under CWE-434 (Unrestricted Upload of File with Dangerous Type) affecting AudioCodes Fax Server and Auto-Attendant IVR appliances up to version 2.6.23. The issue resides in the web administration component named F2MAdmin, specifically in the ajaxPromptUploadFile.php script located at AudioCodes_files/utils/IVR/diagram/. This script exposes an unauthenticated file upload endpoint that accepts files from remote attackers without any authentication or authorization checks. Uploaded files are saved directly into the C:\F2MAdmin\tmp directory with filenames derived from application constants, but critically, there is no validation of the file type or content. This lack of restrictions allows attackers to upload or overwrite prompt or music-on-hold audio files used by the IVR system. By manipulating these files, attackers could alter IVR audio prompts, potentially misleading users or disrupting telephony services. Furthermore, the ability to upload arbitrary files might be leveraged to stage further attacks, such as placing malicious payloads for local execution or persistence if other vulnerabilities exist. The vulnerability has a CVSS 4.0 base score of 6.9, reflecting its network attack vector, no required privileges or user interaction, and low complexity, but limited impact on confidentiality and availability. No patches or known exploits are currently reported, but the exposed unauthenticated upload endpoint represents a significant attack surface in telephony infrastructure.

Potential Impact

For European organizations, this vulnerability poses risks primarily to the integrity and availability of telephony services. Unauthorized modification of IVR prompts or music-on-hold files can disrupt customer interactions, cause misinformation, or degrade service quality. In sectors relying heavily on telephony systems for customer support, such as finance, healthcare, and government, this could lead to operational disruptions and reputational damage. Additionally, if attackers leverage this vulnerability to stage further attacks, it could escalate into broader compromise of internal networks. Given the unauthenticated nature of the upload, attackers can exploit this remotely without prior access, increasing the threat level. The impact is particularly relevant for organizations using AudioCodes Fax/IVR appliances in their telephony infrastructure, which are widely deployed in Europe. Disruptions in critical communication systems could have cascading effects on business continuity and regulatory compliance, especially under GDPR and other data protection frameworks.

Mitigation Recommendations

European organizations should immediately audit their telephony infrastructure to identify affected AudioCodes Fax Server and Auto-Attendant IVR appliance versions (up to 2.6.23). Since no patches are currently available, implement compensating controls such as network segmentation to restrict access to the F2MAdmin web administration interface, allowing only trusted management hosts. Deploy web application firewalls (WAFs) or intrusion prevention systems (IPS) to detect and block unauthorized file upload attempts targeting ajaxPromptUploadFile.php. Monitor logs for unusual file upload activity or changes in the C:\F2MAdmin\tmp directory. Consider disabling or restricting the web administration component if not essential. Engage with AudioCodes support for updates or patches and apply them promptly once released. Additionally, implement strict access controls and multi-factor authentication for telephony management interfaces to prevent unauthorized access. Conduct regular security assessments and penetration tests focusing on telephony systems to detect similar vulnerabilities.
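A log-side check for the monitoring recommendation above, added here as an example and not part of the advisory or of AudioCodes' software: it scans web-server access lines for requests to ajaxPromptUploadFile.php and grades them by method and source network. The management network range and the combined-style log layout are assumptions, and the sample log lines are constructed.

```python
import re
from collections import namedtuple
from ipaddress import ip_address, ip_network

# Script named in the CVE-2025-34330 description; matched by basename, case-insensitively
# (IIS/Windows paths are case-insensitive), so prefix and casing variations do not evade it.
VULN_SCRIPT = "ajaxpromptuploadfile.php"
# Assumed: the only networks permitted to reach F2MAdmin (placeholder range).
MGMT_NETWORKS = [ip_network("10.10.0.0/24")]
# Assumed Apache/nginx "combined"-style access log layout.
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)
Finding = namedtuple("Finding", "ts src method status severity reason")

def is_management_host(src):
    try:
        return any(ip_address(src) in net for net in MGMT_NETWORKS)
    except ValueError:  # hostname or junk in the client field: treat as untrusted
        return False

def analyze_line(line):
    """Return a Finding when the line touches the upload endpoint, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    path = m.group("path").split("?", 1)[0].lower()  # drop query string
    if path.rsplit("/", 1)[-1] != VULN_SCRIPT:
        return None
    src, method = m.group("src"), m.group("method")
    if method == "POST" and not is_management_host(src):
        sev, why = "high", "upload attempt from outside the management network"
    elif method == "POST":
        sev, why = "info", "upload from management host; reconcile with change records"
    else:
        sev, why = "low", "non-POST access to upload endpoint (probing or enumeration)"
    return Finding(m.group("ts"), src, method, int(m.group("status")), sev, why)

def analyze_log(text):
    """Run analyze_line over every line and keep only the hits."""
    return [f for f in map(analyze_line, text.splitlines()) if f is not None]

# Constructed sample access log (not real telemetry).
SAMPLE_LOG = """\
10.10.0.5 - - [19/Nov/2025:16:21:10 +0000] "POST /AudioCodes_files/utils/IVR/diagram/ajaxPromptUploadFile.php HTTP/1.1" 200 45
203.0.113.7 - - [19/Nov/2025:16:22:02 +0000] "GET /audiocodes_files/utils/ivr/diagram/ajaxpromptuploadfile.php HTTP/1.1" 200 0
203.0.113.7 - - [19/Nov/2025:16:22:05 +0000] "POST /AudioCodes_files/utils/IVR/diagram/ajaxPromptUploadFile.php?x=1 HTTP/1.1" 200 45
198.51.100.9 - - [19/Nov/2025:16:30:00 +0000] "POST /AudioCodes_files/utils/IVR/diagram/otherScript.php HTTP/1.1" 403 12
"""
```

Pair the "high" findings with file-change monitoring on C:\F2MAdmin\tmp so an alert can be matched to the file that actually landed.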


Technical Details

Data Version: 5.2
Assigner Short Name: VulnCheck
Date Reserved: 2025-04-15T19:15:22.586Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 691df24bcb9b476b7d51eaf5

Added to database: 11/19/2025, 4:37:31 PM

Last enriched: 11/19/2025, 4:54:29 PM

Last updated: 11/21/2025, 3:03:52 AM
