CVE-2025-34331 is a critical vulnerability classified under CWE-306 (Missing Authentication for Critical Function) found in AudioCodes Limited's Fax Server and Auto-Attendant IVR appliances, specifically versions up to and including 2.6.23. The vulnerability resides in the download.php script, which implements a file download feature without enforcing authentication or access control. This flaw allows remote attackers to supply arbitrary path and filename parameters to retrieve files stored on the device. Although the application logic restricts file downloads to certain extensions, attackers can still access sensitive backup archives containing internal databases and credential hashes. The exposure of administrative password hashes and configuration data can facilitate further attacks, including privilege escalation or lateral movement within affected networks. The vulnerability is remotely exploitable without any authentication or user interaction, increasing its risk profile. The CVSS 4.0 base score is 8.7, reflecting its high severity due to network attack vector, no required privileges, and high confidentiality impact. No known exploits are currently reported in the wild, but the potential for impactful data disclosure is significant. The lack of vendor patches at the time of disclosure necessitates immediate risk mitigation through network-level controls and monitoring.

For European organizations, this vulnerability poses a substantial risk to the confidentiality of sensitive telephony and fax infrastructure data. Exposure of administrative password hashes can lead to credential compromise, enabling attackers to gain unauthorized administrative access to the affected appliances. This can disrupt critical communication services, potentially impacting business operations, customer communications, and regulatory compliance, especially in sectors like finance, healthcare, and government where secure communications are vital. The leakage of internal databases and configuration files may also expose sensitive organizational information or facilitate further attacks on internal networks. Given the appliance's role in handling fax and IVR services, exploitation could also lead to interception or manipulation of voice and fax communications, undermining data integrity and privacy. The high severity and unauthenticated remote exploitability make this a pressing concern for organizations relying on AudioCodes appliances in Europe.

Organizations should immediately audit their network to identify any AudioCodes Fax Server or Auto-Attendant IVR appliances running vulnerable versions (up to 2.6.23). Until vendor patches are released, restrict network access to the download.php endpoint by implementing strict firewall rules or network segmentation to limit exposure to trusted management networks only. Employ intrusion detection and prevention systems (IDS/IPS) to monitor and block suspicious file download requests targeting these appliances. Regularly review appliance logs for unusual access patterns or repeated file download attempts. Change administrative passwords and consider implementing multi-factor authentication on management interfaces where possible. Engage with AudioCodes support to obtain updates or workarounds and plan for timely patch deployment once available. Additionally, conduct security awareness training for IT staff to recognize signs of exploitation and maintain an incident response plan tailored to telephony infrastructure threats.