Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE  (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2025-34335
Publication date:
19/11/2025
AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23 expose an authenticated command injection vulnerability in the license activation workflow handled by AudioCodes_files/ActivateLicense.php. When a license file is uploaded, the application derives a new filename by combining a generated base name with the attacker-controlled extension portion of the original upload name, then constructs a command line for fax_server_lic_cmdline.exe that includes this path. The extension value is incorporated into the command string without input validation, escaping, or proper argument quotation before being passed to exec(). An authenticated user with access to the license upload interface can supply a specially crafted filename whose extension injects additional shell metacharacters, causing arbitrary commands to be executed as NT AUTHORITY\\SYSTEM.
Severity CVSS v4.0: HIGH
Last modification:
11/12/2025

CVE-2025-34334
Publication date:
19/11/2025
AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23 are vulnerable to an authenticated command injection in the fax test functionality implemented by AudioCodes_files/TestFax.php. When a fax "send" test is requested, the application builds a faxsender command line using attacker-supplied parameters and passes it to GlobalUtils::RunBatchFile without proper validation or shell-argument sanitization. The resulting batch file is written into a temporary run directory and then executed via a backend service that runs as NT AUTHORITY\\SYSTEM. An authenticated attacker with access to the fax test interface can craft parameter values that inject additional shell commands into the generated batch file, leading to arbitrary command execution with SYSTEM privileges. In addition, because the generated batch files reside in a location with overly permissive file system permissions, a local low-privilege user on the server can modify pending batch files to achieve the same elevation.
Severity CVSS v4.0: HIGH
Last modification:
11/12/2025

CVE-2025-34333
Publication date:
19/11/2025
AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23 configure the web document root at C:\\F2MAdmin\\F2E with overly permissive file system permissions. Authenticated local users have modify rights on this directory, while the associated web server process runs as NT AUTHORITY\\SYSTEM. As a result, any local user can create or alter server-side scripts within the webroot and then trigger them via HTTP requests, causing arbitrary code to execute with SYSTEM privileges.
Severity CVSS v4.0: HIGH
Last modification:
11/12/2025

CVE-2025-34332
Publication date:
19/11/2025
AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23 include a web administration component that controls back-end Windows services using helper batch scripts located under C:\\F2MAdmin\\F2E\\AudioCodes_files\\utils\\Services. When certain service actions are requested through ajaxPost.php, these scripts are invoked by PHP using system() under the NT AUTHORITY\\SYSTEM account. The batch files in this directory are writable by any authenticated local user due to overly permissive ACLs, allowing them to replace script contents with arbitrary commands. On the next service start/stop operation, the modified script is executed as SYSTEM, enabling elevation of local privileges.
Severity CVSS v4.0: HIGH
Last modification:
11/12/2025

CVE-2025-13400
Publication date:
19/11/2025
A vulnerability was detected in Tenda CH22 1.0.0.1. Affected is the function formWrlExtraGet of the file /goform/WrlExtraGet. Performing manipulation of the argument chkHz results in buffer overflow. Remote exploitation of the attack is possible. The exploit is now public and may be used.
Severity CVSS v4.0: HIGH
Last modification:
20/11/2025

CVE-2025-34331
Publication date:
19/11/2025
AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23 contain an unauthenticated file read vulnerability via the download.php script. The endpoint exposes a file download mechanism that lacks access control, allowing remote, unauthenticated users to request files stored on the appliance based solely on attacker-supplied path and filename parameters. While limited to specific file extensions permitted by the application logic, sensitive backup archives can be retrieved, exposing internal databases and credential hashes. Successful exploitation may lead to disclosure of administrative password hashes and other sensitive configuration data.
Severity CVSS v4.0: HIGH
Last modification:
12/12/2025

CVE-2025-34330
Publication date:
19/11/2025
AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23 include a web administration component (F2MAdmin) that exposes an unauthenticated prompt upload endpoint at AudioCodes_files/utils/IVR/diagram/ajaxPromptUploadFile.php. The script accepts an uploaded file and writes it into the C:\\F2MAdmin\\tmp directory using a filename derived from application constants, without any authentication, authorization, or file-type validation. A remote, unauthenticated attacker can upload or overwrite prompt- or music-on-hold–related files in this directory, potentially leading to tampering with IVR audio content or preparing files for use in further attacks.
Severity CVSS v4.0: MEDIUM
Last modification:
12/12/2025

CVE-2025-34329
Publication date:
19/11/2025
AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23 expose an unauthenticated backup upload endpoint at AudioCodes_files/ajaxBackupUploadFile.php in the F2MAdmin web interface. The script derives a backup folder path from application configuration, creates the directory if it does not exist, and then moves an uploaded file to that location using the attacker-controlled filename, without any authentication, authorization, or file-type validation. On default Windows deployments where the backup directory resolves to the system drive, a remote attacker can upload web server or interpreter configuration files that cause a log file or other server-controlled resource to be treated as executable code. This allows subsequent HTTP requests to trigger arbitrary command execution under the web server account, which runs as NT AUTHORITY\\SYSTEM.
Severity CVSS v4.0: CRITICAL
Last modification:
12/12/2025

CVE-2025-34328
Publication date:
19/11/2025
AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23 include a web administration component (F2MAdmin) that exposes an unauthenticated script-management endpoint at AudioCodes_files/utils/IVR/diagram/ajaxScript.php. The saveScript action writes attacker-supplied data directly to a server-side file path under the privileges of the web service account, which runs as NT AUTHORITY\\SYSTEM on Windows deployments. A remote, unauthenticated attacker can write arbitrary files into the product’s web-accessible directory structure and subsequently execute them.
Severity CVSS v4.0: CRITICAL
Last modification:
12/12/2025

CVE-2025-12743
Publication date:
19/11/2025
The Looker endpoint for generating new projects from database connections allows users to specify "looker" as a connection name, which is a reserved internal name for Looker&amp;#39;s internal MySQL database. The schemas parameter is vulnerable to SQL injection, enabling attackers to manipulate SELECT queries that are constructed and executed against the internal MySQL database. This vulnerability allows users with developer permissions to extract data from Looker&amp;#39;s internal MySQL database.<br /> <br /> Looker-hosted and Self-hosted were found to be vulnerable.<br /> This issue has already been mitigated for Looker-hosted instances. No user action is required for these.<br /> <br /> <br /> Self-hosted instances must be upgraded as soon as possible. This vulnerability has been patched in all supported versions of Self-hosted.<br /> The versions below have all been updated to protect against this vulnerability. You can download these versions at the Looker download page https://download.looker.com/ :<br /> * 24.12.106<br /> * 24.18.198+<br /> * 25.0.75<br /> * 25.6.63+<br /> * 25.8.45+<br /> * 25.10.33+<br /> * 25.12.1+<br /> * 25.14+
Severity CVSS v4.0: MEDIUM
Last modification:
19/11/2025

CVE-2025-12766
Publication date:
19/11/2025
An Insecure Direct Object Reference (IDOR) vulnerability in the Management Console of BlackBerry® AtHoc® (OnPrem) version 7.21 could allow an attacker to potentially gain unauthorized knowledge about other organizations hosted on the same Interactive Warning System (IWS).
Severity CVSS v4.0: Pending analysis
Last modification:
01/12/2025

CVE-2025-63878
Publication date:
19/11/2025
Github Restaurant Website Restoran v1.0 was discovered to contain a SQL injection vulnerability via the Contact Form page.
Severity CVSS v4.0: Pending analysis
Last modification:
31/12/2025
Subscribe to Vulnerabilities