Cyber Resilience

CVE-2025-2494

High

Published: 18 March 2025
Modified: 21 October 2025
CVSS v4.0 base score: 8.7 (CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS score: 0.0014 (34.1st percentile)
Risk priority: 17 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2025-2494 is a high-severity Unrestricted Upload of File with Dangerous Type (CWE-434) vulnerability in Sytel Softdial Contact Center. Its CVSS base score is 8.7 (High).

Operationally, exploitation maps to the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). EPSS ranks it at the 34.1st percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 CM-7 (Least Functionality) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2025-2494, published on 2025-03-18, is an unrestricted file upload vulnerability in Softdial Contact Center from Sytel Ltd. The flaw resides in the '/softdial/phpconsole/upload.php' endpoint, which is protected only by basic HTTP authentication and otherwise accepts arbitrary files, writing them to a directory exposed by the web application. Because the server may execute the uploaded files, this can lead to remote code execution.

Its CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) rates the flaw as exploitable by any remote attacker with network access, without privileges, user interaction, or special conditions; note that the CVSS v4.0 vector above scores privileges required as Low (PR:L), consistent with the basic HTTP authentication in front of the endpoint. By uploading a malicious file such as a web shell, the attacker can achieve code execution on the server and potentially gain full control of the affected system. The issue is classified under CWE-434 (Unrestricted Upload of File with Dangerous Type).
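A defender's first question is whether the upload endpoint has already been abused. The following detection logic is an added example, not part of the advisory or of the vendor's product: it scans web-server access logs for a successful POST to /softdial/phpconsole/upload.php followed by requests to a server-side executable path that was never seen before the upload, which is the access pattern a dropped web shell (T1505.003) produces. The log format (Apache/nginx combined), the sample log lines and the /softdial/uploads/ directory are constructed assumptions; the real exposed directory is not named on the page.

```python
import re
from collections import namedtuple

# Combined log format, an assumption; adapt LOG_RE to the server's real format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)
UPLOAD_ENDPOINT = "/softdial/phpconsole/upload.php"  # endpoint named in the advisory
EXEC_EXT = (".php", ".phtml", ".phar", ".php5")      # suffixes the server would execute

Alert = namedtuple("Alert", "ts client path uploader")

def find_webshell_candidates(lines):
    """Return one Alert per executable path first requested after a successful
    upload. Paths seen before any upload form the baseline of legitimate scripts."""
    baseline = set()   # executable paths observed before any successful upload
    uploads = []       # (timestamp, client ip) of successful POSTs to the endpoint
    alerts = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        path = m["path"].split("?", 1)[0].lower()
        if m["method"] == "POST" and path == UPLOAD_ENDPOINT:
            if m["status"].startswith("2"):      # 401 means basic auth rejected it
                uploads.append((m["ts"], m["ip"]))
            continue
        if not path.endswith(EXEC_EXT):
            continue
        if not uploads:
            baseline.add(path)
        elif path not in baseline:
            alerts.append(Alert(m["ts"], m["ip"], path, uploads[-1][1]))
            baseline.add(path)                   # report each new path once
    return alerts

# Constructed sample: normal console traffic, a failed and a successful upload,
# then a request for a PHP file that did not exist before the upload.
SAMPLE_LOG = """\
198.51.100.7 - - [18/Mar/2025:10:00:01 +0000] "GET /softdial/phpconsole/index.php HTTP/1.1" 200 512
198.51.100.7 - - [18/Mar/2025:10:00:05 +0000] "GET /softdial/phpconsole/status.php HTTP/1.1" 200 210
203.0.113.9 - - [18/Mar/2025:10:03:10 +0000] "POST /softdial/phpconsole/upload.php HTTP/1.1" 401 0
203.0.113.9 - - [18/Mar/2025:10:03:20 +0000] "POST /softdial/phpconsole/upload.php HTTP/1.1" 200 44
203.0.113.9 - - [18/Mar/2025:10:03:25 +0000] "GET /softdial/uploads/note.php HTTP/1.1" 200 88
198.51.100.7 - - [18/Mar/2025:10:04:00 +0000] "GET /softdial/phpconsole/status.php HTTP/1.1" 200 210
"""

if __name__ == "__main__":
    for a in find_webshell_candidates(SAMPLE_LOG.splitlines()):
        print(f"{a.ts} new executable path {a.path} requested by {a.client} after upload from {a.uploader}")
```

The heuristic trades precision for simplicity: a legitimate deployment of a new script after an upload also fires, so review hits against change records before treating them as confirmed web shells.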

The INCIBE-CERT advisory at https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-softdial-contact-center documents this as one of multiple vulnerabilities in Softdial Contact Center and provides related guidance.

EU & UK References

Vulnerability details

Unrestricted file upload to Softdial Contact Center of Sytel Ltd. This vulnerability could allow an attacker to upload files to the server via the '/softdial/phpconsole/upload.php' endpoint, which is protected by basic HTTP authentication. The files are uploaded to a directory exposed by the web application, which could result in code execution, giving the attacker full control over the server.


Related Threats

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1505.003 Web Shell (Persistence): Adversaries may backdoor web servers with web shells to establish persistent access to systems.
Why these techniques?

An unrestricted file upload in a public-facing web application directly enables T1190 (Exploit Public-Facing Application) and facilitates T1505.003 (Web Shell) for remote code execution.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-2493 (same product: Sytel Softdial Contact Center)
CVE-2025-46384 (shared CWE-434)
CVE-2025-13516 (shared CWE-434)
CVE-2024-13011 (shared CWE-434)
CVE-2025-8323 (shared CWE-434)
CVE-2025-21624 (shared CWE-434)
CVE-2026-35164 (shared CWE-434)
CVE-2026-2097 (shared CWE-434)
CVE-2025-12154 (shared CWE-434)
CVE-2026-42748 (shared CWE-434)

Affected Assets

Vendor: Sytel
Product: Softdial Contact Center
Versions: all versions

Mitigating Controls (NIST 800-53 r5)

Prevent (SI-10, Information Input Validation): Implements input validation at the upload endpoint to reject arbitrary or dangerous file types and contents, directly preventing exploitation of the unrestricted file upload vulnerability.

Prevent: Restricts classes of information inputs such as executable files to authorized users or processes, blocking uploads of malicious web shells to the exposed directory.

Prevent (CM-7, Least Functionality): Limits the system to essential capabilities by disabling unnecessary file upload endpoints such as /softdial/phpconsole/upload.php, eliminating the vulnerable functionality.
