Critical RCE Vulnerability Affects HylaFAX and AvantFAX (CVE-2025-1782)
A critical remote code execution vulnerability, CVE-2025-1782, has been discovered in HylaFAX Enterprise Web Interface and AvantFAX. The flaw stems from inadequate sanitization of a language form element, which allows an attacker with a valid user account to execute arbitrary PHP files. The vulnerability carries a CVSS 3.1 base score of 9.9 and affects multiple versions of both products: HylaFAX Enterprise Web Interface versions 1.3.1 and below, and AvantFAX versions 3.4.0 and below.

In response, iFAX Solutions has released patched versions: 1.3.2 and 1.2.1 for HylaFAX Enterprise Web Interface, and 3.4.1 for AvantFAX. Given the critical nature of this vulnerability, users are strongly advised to update their systems immediately.
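To triage an inventory against the version ranges above, the following added example (not code from iFAX Solutions or from this advisory) flags installs that predate the fixed release. The product keys and hostnames are hypothetical, and it assumes 1.2.1 is the fix for the 1.2 branch of HylaFAX Enterprise Web Interface, with later 1.2.x releases also fixed.

```python
import re

# First fixed release per product, taken from the advisory text.
# Assumption: 1.2.1 is a backport for the 1.2 branch, so a (major, minor)
# key overrides the "default" fixed version for that branch only.
FIXED = {
    "hylafax-enterprise-web": {"default": (1, 3, 2), (1, 2): (1, 2, 1)},
    "avantfax": {"default": (3, 4, 1)},
}

def parse_version(text):
    """Leading dotted-numeric part as a 3-tuple, e.g. '3.4.0-2' -> (3, 4, 0)."""
    m = re.match(r"\s*v?(\d+(?:\.\d+){0,2})", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    parts = [int(p) for p in m.group(1).split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def fixed_for(product, version):
    """Fixed release that applies to the branch this version belongs to."""
    branches = FIXED[product]
    return branches.get(version[:2], branches["default"])

def is_affected(product, version_text):
    """True if the installed version is older than the fix for its branch."""
    v = parse_version(version_text)
    return v < fixed_for(product, v)

def triage(inventory):
    """Return (host, product, installed, upgrade_to) for each affected row."""
    findings = []
    for host, product, installed in inventory:
        v = parse_version(installed)
        if v < fixed_for(product, v):
            target = ".".join(str(n) for n in fixed_for(product, v))
            findings.append((host, product, installed, target))
    return findings

# Constructed sample inventory; hostnames are made up.
SAMPLE_INVENTORY = [
    ("fax01", "avantfax", "3.4.0"),
    ("fax02", "avantfax", "3.4.1"),
    ("fax03", "hylafax-enterprise-web", "1.3.1"),
    ("fax04", "hylafax-enterprise-web", "1.2.1"),
    ("fax05", "hylafax-enterprise-web", "1.2.0"),
]

if __name__ == "__main__":
    for row in triage(SAMPLE_INVENTORY):
        print("UPDATE NEEDED: %s %s %s -> %s" % row)
```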