CVE-2025-34334 is an authenticated OS command injection vulnerability in AudioCodes Fax Server and Auto-Attendant IVR appliances up to version 2.6.23. The vulnerability resides in the fax test feature implemented in AudioCodes_files/TestFax.php, where user-supplied parameters are concatenated into a command line for the faxsender utility without proper sanitization or escaping. This command line is written into a batch file in a temporary directory and executed by a backend service running with NT AUTHORITY\SYSTEM privileges. Because the input is not neutralized, an attacker with valid credentials to the fax test interface can inject arbitrary shell commands into the batch file, resulting in remote code execution with SYSTEM-level privileges. Furthermore, the batch files are stored in a directory with overly permissive file system permissions, allowing local low-privilege users to modify pending batch files and escalate privileges. The vulnerability does not require user interaction and has a low attack complexity, making exploitation feasible once authenticated. The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N) reflects network attack vector, low complexity, no additional authentication beyond initial login, no user interaction, and high impact on confidentiality, integrity, and availability. No public exploits are currently known, but the severity and ease of exploitation pose a significant threat to affected environments.

For European organizations, this vulnerability poses a critical risk to the confidentiality, integrity, and availability of telephony and fax infrastructure. Successful exploitation allows attackers to execute arbitrary commands with SYSTEM privileges, potentially leading to full system compromise, data exfiltration, disruption of fax and IVR services, and lateral movement within the network. Given the role of AudioCodes appliances in enterprise voice and fax communications, disruption could impact business operations, customer communications, and regulatory compliance. The ability for local low-privilege users to escalate privileges also increases insider threat risks. Organizations in sectors with high reliance on voice infrastructure, such as finance, healthcare, and government, are particularly vulnerable. The lack of public exploits currently provides a window for proactive mitigation, but the high CVSS score indicates that exploitation would have severe consequences.

1. Immediately restrict access to the fax test interface to trusted administrators only, ideally via network segmentation and VPN with strong authentication. 2. Monitor and audit access logs to detect any unauthorized or suspicious use of the fax test functionality. 3. Harden file system permissions on the temporary batch file directories to prevent modification by low-privilege users. 4. Implement application-layer input validation and sanitization if possible to prevent injection of shell commands. 5. Deploy host-based intrusion detection systems (HIDS) to monitor execution of batch files and unusual command executions. 6. Apply vendor patches or updates as soon as they become available to address this vulnerability. 7. Consider disabling the fax test feature if it is not required operationally. 8. Conduct regular security assessments and penetration tests focusing on telephony infrastructure. 9. Educate administrators about the risks of authenticated command injection and the importance of credential security. 10. Maintain up-to-date backups and incident response plans to quickly recover from potential compromises.