CVE-2025-34333: CWE-276 Incorrect Default Permissions in AudioCodes Limited AudioCodes Fax/IVR Appliance
AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23 configure the web document root at C:\F2MAdmin\F2E with overly permissive file system permissions. Authenticated local users have modify rights on this directory, while the associated web server process runs as NT AUTHORITY\SYSTEM. As a result, any local user can create or alter server-side scripts within the webroot and then trigger them via HTTP requests, causing arbitrary code to execute with SYSTEM privileges.
AI Analysis
Technical Summary
CVE-2025-34333 is a vulnerability classified under CWE-276 (Incorrect Default Permissions) affecting AudioCodes Limited's Fax Server and Auto-Attendant IVR appliances, specifically versions up to and including 2.6.23. The root cause is overly permissive file system permissions on the web document root directory located at C:\F2MAdmin\F2E. Authenticated local users have modify rights on this directory, enabling them to create or alter server-side scripts. The associated web server process runs with NT AUTHORITY\SYSTEM privileges, which means any script executed by the web server inherits these high-level privileges. An attacker with local authenticated access can therefore place malicious scripts in the webroot and trigger them remotely via HTTP requests, resulting in arbitrary code execution with SYSTEM-level privileges. This vulnerability does not require user interaction and has a low attack complexity, but it does require local authentication. The CVSS 4.0 base score is 8.5, reflecting high impact on confidentiality, integrity, and availability due to the potential for full system compromise. No public exploits have been reported yet, but the vulnerability poses a significant risk given the elevated privileges and ease of exploitation once local access is obtained. The lack of available patches at the time of publication necessitates immediate attention to mitigate risk.
Potential Impact
For European organizations, this vulnerability poses a critical risk to telephony and fax infrastructure relying on AudioCodes Fax Server and IVR appliances. Successful exploitation can lead to full system compromise, allowing attackers to execute arbitrary code with SYSTEM privileges, potentially disrupting communication services, intercepting or manipulating sensitive voice and fax data, and pivoting to other internal systems. This can result in significant operational downtime, data breaches, and loss of service integrity. Given the role of these appliances in business-critical communications, the impact extends to regulatory compliance issues, especially under GDPR where data confidentiality is paramount. Organizations in sectors such as finance, healthcare, and government, which often rely on secure telephony systems, are particularly vulnerable. The requirement for local authenticated access limits remote exploitation but insider threats or compromised credentials could facilitate attacks. The absence of known exploits in the wild currently reduces immediate risk but does not diminish the potential severity.
Mitigation Recommendations
To mitigate CVE-2025-34333, European organizations should first verify if they are running affected versions (up to 2.6.23) of AudioCodes Fax Server or Auto-Attendant IVR appliances. Immediate steps include restricting local user permissions on the web document root directory (C:\F2MAdmin\F2E) to remove modify rights for non-administrative users. Implement strict access controls and monitoring for local accounts to detect unauthorized access attempts. Network segmentation should isolate these appliances from general user networks to reduce the risk of local access by unauthorized users. Employ multi-factor authentication (MFA) for all local accounts to mitigate credential compromise risks. Regularly audit file system permissions and monitor web server directories for unauthorized script changes. If possible, disable or limit HTTP access to the webroot directory or configure the web server to run with least privilege rather than SYSTEM. Engage with AudioCodes for patches or updates and apply them promptly once available. Additionally, implement endpoint detection and response (EDR) solutions to detect anomalous script execution or privilege escalation attempts on these devices.
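The following PowerShell script is an added example, not AudioCodes' code and not part of this advisory. It turns the condition from the technical summary (a webroot writable by ordinary users while the web server runs as SYSTEM) into a concrete check and applies two of the mitigation steps above: it audits the ACL on C:\F2MAdmin\F2E for write-class rights held by any principal other than SYSTEM and Administrators, rewrites those grants to read-and-execute only when run with -Fix, and baselines the SHA-256 hashes of server-side script files so later runs report new, modified or removed scripts. The path is the one named in the advisory; the trusted-principal set, the script extension list, the -WebRoot/-Fix/-BaselinePath parameters and the baseline location are assumptions for this example.

```powershell
# Added example (not AudioCodes' code): audit, optionally tighten, and baseline the
# Fax/IVR web document root affected by CVE-2025-34333. Run as an administrator.
param(
    [string]$WebRoot = 'C:\F2MAdmin\F2E',          # path from the advisory
    [switch]$Fix,                                   # dry run unless explicitly asked to change the ACL
    # Assumed location; in production keep the baseline off-box or in an admin-only directory.
    [string]$BaselinePath = "$env:ProgramData\f2e-webroot-baseline.json"
)

if (-not (Test-Path -Path $WebRoot)) { throw "Webroot '$WebRoot' not found; is this an affected appliance?" }

# Principals that may legitimately hold write-class rights on a webroot (assumption).
$trusted = @('NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators', 'NT SERVICE\TrustedInstaller')

# Rights that let a caller create or alter files under the directory. The two generic
# bits (GENERIC_ALL, GENERIC_WRITE) appear on ACEs that were never mapped to specific rights.
$writeClass = [int]([System.Security.AccessControl.FileSystemRights]'Modify, Write, FullControl, WriteData, AppendData, Delete, ChangePermissions, TakeOwnership')
$writeClass = $writeClass -bor 0x10000000 -bor 0x40000000

# --- 1. Audit: who other than the trusted set can write into the webroot? ---
$acl = Get-Acl -Path $WebRoot
$findings = foreach ($ace in $acl.Access) {
    if ($ace.AccessControlType -ne 'Allow') { continue }
    $who = $ace.IdentityReference.Value
    if ($trusted -contains $who) { continue }
    if ((([int]$ace.FileSystemRights) -band $writeClass) -ne 0) {
        [pscustomobject]@{ Identity = $who; Rights = $ace.FileSystemRights; Inherited = $ace.IsInherited }
    }
}

if (-not $findings) {
    Write-Output "OK: no write-class rights for untrusted principals on $WebRoot"
} else {
    Write-Output "FINDING: untrusted principals can modify $WebRoot (CVE-2025-34333 condition present)"
    $findings | Format-Table -AutoSize | Out-String | Write-Output

    # --- 2. Remediate (only with -Fix): replace each offending grant with read-and-execute. ---
    if ($Fix) {
        if ($findings | Where-Object { $_.Inherited }) {
            # Inherited ACEs cannot be edited in place: break inheritance while keeping copies
            # as explicit entries, persist, then re-read the ACL so the copies can be changed.
            $acl.SetAccessRuleProtection($true, $true)
            Set-Acl -Path $WebRoot -AclObject $acl
            $acl = Get-Acl -Path $WebRoot
        }
        foreach ($f in $findings) {
            # Unresolved identities come back as raw SIDs; everything else as DOMAIN\Name.
            $id = if ($f.Identity -like 'S-1-*') { [System.Security.Principal.SecurityIdentifier]$f.Identity }
                  else { [System.Security.Principal.NTAccount]$f.Identity }
            $acl.PurgeAccessRules($id)   # drop every rule for this principal
            $readOnly = [System.Security.AccessControl.FileSystemAccessRule]::new($id, 'ReadAndExecute', 'ContainerInherit, ObjectInherit', 'None', 'Allow')
            $acl.AddAccessRule($readOnly)
        }
        Set-Acl -Path $WebRoot -AclObject $acl
        Write-Output "ACL rewritten for $($findings.Count) principal(s); re-run without -Fix to verify."
    }
}

# --- 3. Baseline server-side script files and report drift on later runs. ---
# Extension list is an assumption; adjust it to what the appliance's web server actually executes.
$scriptExt = @('.asp', '.aspx', '.ashx', '.asmx', '.php', '.cgi', '.pl', '.ps1', '.vbs', '.js', '.dll', '.exe')
$current = @{}
Get-ChildItem -Path $WebRoot -Recurse -File -ErrorAction SilentlyContinue |
    Where-Object { $scriptExt -contains $_.Extension.ToLowerInvariant() } |
    ForEach-Object { $current[$_.FullName] = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash }

if (Test-Path -Path $BaselinePath) {
    $old = @{}
    foreach ($p in (Get-Content -Path $BaselinePath -Raw | ConvertFrom-Json).PSObject.Properties) { $old[$p.Name] = $p.Value }
    foreach ($path in $current.Keys) {
        if (-not $old.ContainsKey($path))        { Write-Output "NEW script:      $path" }
        elseif ($old[$path] -ne $current[$path]) { Write-Output "MODIFIED script: $path" }
    }
    foreach ($path in $old.Keys) {
        if (-not $current.ContainsKey($path))    { Write-Output "REMOVED script:  $path" }
    }
} else {
    $current | ConvertTo-Json | Set-Content -Path $BaselinePath
    Write-Output "Baseline written to $BaselinePath ($($current.Count) script files)."
}
```

Run it once without -Fix to see which principals hold write-class rights and to write the baseline; schedule the same invocation (still without -Fix) to get drift reports on the script files. Apply -Fix only after confirming with the vendor which directories the appliance's own processes must write to, since the script replaces every non-trusted grant on the webroot with read-and-execute and a fax or IVR component that legitimately writes there would stop working.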
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Belgium, Sweden
Technical Details
- Data Version: 5.2
- Assigner Short Name: VulnCheck
- Date Reserved: 2025-04-15T19:15:22.586Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 691df24bcb9b476b7d51eb07
Added to database: 11/19/2025, 4:37:31 PM
Last enriched: 11/19/2025, 4:52:49 PM
Last updated: 11/19/2025, 6:44:59 PM
Related Threats
- CVE-2025-63211: n/a (High)
- CVE-2025-65089: CWE-862: Missing Authorization in xwikisas xwiki-pro-macros (Medium)
- CVE-2025-13315: CWE-420: Unprotected Alternate Channel in Lynxtechnology Twonky Server (Critical)
- CVE-2025-13316: CWE-321: Use of Hard-coded Cryptographic Key in Lynxtechnology Twonky Server (High)
- CVE-2025-65034: CWE-639: Authorization Bypass Through User-Controlled Key in lukevella rallly (High)