CRITICAL
ifax
CVE published 2025-04-14
CVE-2025-1782
A critical authentication-bypassed remote code execution vulnerability exists in HylaFAX Enterprise Web Interface and AvantFAX. The language form element fails to sanitize input before PHP inclusion, enabling authenticated attackers to execute arbitrary code as the web server user. CVSS 9.9 reflects network attack vector, low complexity, and high impact across confidentiality, integrity, and availability [truncated]