CVE-2025-34331 | AudioCodes Fax Server/Auto-Attendant IVR up to 2.6.23 Endpoint download.php path/filename missing authentication

A vulnerability classified as critical was found in AudioCodes Fax Server and Auto-Attendant IVR up to 2.6.23. This vulnerability affects unknown code of the file download.php of the component Endpoint. Executing manipulation of the argument path/filename can lead to missing authentication. This vulnerability only affects products that are no longer supported by the maintainer.

This vulnerability is tracked as CVE-2025-34331. The attack can be launched remotely. No exploit exists.VulDB Recent EntriesRead More