CVE-2025-2494
Published: 18 March 2025
Description
Adversaries may backdoor web servers with web shells to establish persistent access to systems.
Security Summary
CVE-2025-2494, published on 2025-03-18, is an unrestricted file upload vulnerability in Softdial Contact Center from Sytel Ltd. The flaw resides in the '/softdial/phpconsole/upload.php' endpoint, which is protected only by basic HTTP authentication but allows attackers to upload arbitrary files to a directory exposed by the web application. This can enable remote code execution, as the uploaded files may be executable within the server's environment.
Any remote attacker with network access can exploit this vulnerability without requiring privileges, user interaction, or special conditions, given its CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). By uploading a malicious file such as a web shell, the attacker can achieve code execution on the server, potentially gaining full control over the affected system. The issue is classified under CWE-434 (Unrestricted Upload of File with Dangerous Type).
The INCIBE-CERT advisory at https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-softdial-contact-center documents this as one of multiple vulnerabilities in Softdial Contact Center and provides related guidance.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Unrestricted file upload in public-facing web app directly enables T1190 (Exploit Public-Facing Application) and facilitates T1100 (Web Shell) for RCE.