CVE-2025-2494
Published: 18 March 2025
Summary
CVE-2025-2494 is a high-severity Unrestricted Upload of File with Dangerous Type (CWE-434) vulnerability in Sytel Softdial Contact Center. Its CVSS base score is 8.7 (High).
Operationally, exploitation maps to the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks at the 34.1st percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 CM-7 (Least Functionality) and SI-10 (Information Input Validation).
Deeper analysis
CVE-2025-2494, published on 2025-03-18, is an unrestricted file upload vulnerability in Softdial Contact Center from Sytel Ltd. The flaw resides in the '/softdial/phpconsole/upload.php' endpoint. The endpoint sits behind HTTP Basic authentication, but it does not validate the name or contents of what is uploaded and writes the file into a directory that the web application itself serves. Where the server executes scripts from that directory, an uploaded PHP file runs with the privileges of the web server process, which turns the upload into remote code execution.
The CVSS v3.1 vector recorded for this entry is AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, which scores 9.8 (Critical); the summary above gives a base score of 8.7 (High), so two different scores are in circulation for this CVE and should be reconciled against the INCIBE advisory before prioritising. Read literally, the vector describes an attacker who needs no privileges, no user interaction and no special conditions. That is hard to square with the endpoint being behind Basic authentication, so in practice assume that any party who can authenticate to the endpoint, or who finds the authentication missing or bypassable, can exploit it. From there, uploading a web shell gives code execution on the server and, depending on the privileges of the web server process, full control of the host. The issue is classified under CWE-434 (Unrestricted Upload of File with Dangerous Type).
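An added detection example, not taken from the advisory, INCIBE or Sytel: the Python below scans web-server access logs in the common "combined" format for the chain the paragraph above describes, a successful POST to /softdial/phpconsole/upload.php from one source address followed by that address fetching a script-like file. The log lines are constructed for illustration, and the uploads/ directory in them is an assumption; the advisory only says that files land in a directory the application exposes.

```python
import re
from collections import defaultdict

# Endpoint named in the advisory; everything else in this file is illustrative.
UPLOAD_ENDPOINT = "/softdial/phpconsole/upload.php"

# Server-side script extensions a PHP host would execute if they are reachable over HTTP.
SCRIPT_EXT = re.compile(r"\.(php[0-9]?|phtml|phar)(\?|$)", re.IGNORECASE)

# Apache/nginx "combined" access-log format: quoted request line, then status and size.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

# Constructed sample log: one benign request, one upload-then-execute chain from
# 203.0.113.7, and one upload attempt from 198.51.100.4 refused by HTTP Basic auth.
# The uploads/ directory is assumed for the example, not taken from the advisory.
SAMPLE_LOG = """\
203.0.113.7 - - [18/Mar/2025:10:01:02 +0000] "GET /softdial/ HTTP/1.1" 200 512
203.0.113.7 - - [18/Mar/2025:10:01:05 +0000] "POST /softdial/phpconsole/upload.php HTTP/1.1" 200 87
203.0.113.7 - - [18/Mar/2025:10:01:09 +0000] "GET /softdial/phpconsole/uploads/cmd.php?c=id HTTP/1.1" 200 233
198.51.100.4 - - [18/Mar/2025:10:02:00 +0000] "POST /softdial/phpconsole/upload.php HTTP/1.1" 401 0
"""


def parse_line(line):
    """Parse one combined-format line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def _is_upload_post(rec):
    return rec["method"] == "POST" and rec["path"].split("?", 1)[0] == UPLOAD_ENDPOINT


def find_upload_chains(log_text):
    """Return (ip, executed_path) for every source IP that POSTed to the upload
    endpoint with a 2xx status and afterwards fetched a script-like path other than
    the upload endpoint itself. Line order is treated as time order."""
    uploaded_from = set()
    chains = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        success = rec["status"].startswith("2")
        if _is_upload_post(rec) and success:
            uploaded_from.add(rec["ip"])
        elif (rec["method"] == "GET" and success
              and rec["ip"] in uploaded_from
              and rec["path"].split("?", 1)[0] != UPLOAD_ENDPOINT
              and SCRIPT_EXT.search(rec["path"])):
            chains.append((rec["ip"], rec["path"]))
    return chains


def rejected_upload_sources(log_text):
    """Source IPs whose POSTs to the upload endpoint were refused with 401/403.
    Many entries from one address point at credential guessing against the Basic-auth gate."""
    return {
        rec["ip"]
        for rec in map(parse_line, log_text.splitlines())
        if rec and _is_upload_post(rec) and rec["status"] in ("401", "403")
    }


if __name__ == "__main__":
    for ip, path in find_upload_chains(SAMPLE_LOG):
        print(f"possible web shell: {ip} uploaded then executed {path}")
    for ip in sorted(rejected_upload_sources(SAMPLE_LOG)):
        print(f"rejected upload attempt from {ip}")
```

The check keys on the source address because the advisory gives no response body or filename pattern to match on; on a real host, pair the hit with a filesystem listing of the exposed directory for files with script extensions and recent modification times.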
The INCIBE-CERT advisory at https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-softdial-contact-center documents this as one of multiple vulnerabilities in Softdial Contact Center and provides related guidance.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-7570
- 🇪🇸 INCIBE: www.incibe.es
Vulnerability details
Unrestricted file upload to Softdial Contact Center of Sytel Ltd. This vulnerability could allow an attacker to upload files to the server via the ‘/softdial/phpconsole/upload.php’ endpoint, which is protected by basic HTTP authentication. The files are uploaded to a directory exposed by the web application, which could result in code execution, giving the attacker full control over the server.
- CWE(s): CWE-434 (Unrestricted Upload of File with Dangerous Type)
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Exploiting the unrestricted upload in a public-facing web application is an instance of T1190 (Exploit Public-Facing Application). The file dropped through it is typically a web shell, T1505.003 (Server Software Component: Web Shell; this was tracked as T1100 before it was re-homed under T1505), which is what gives the attacker remote code execution and a persistent foothold.
Mitigating Controls
Mitigating Controls (NIST 800-53 r5)
- SI-10 (Information Input Validation): implement validation at the upload endpoint that rejects arbitrary or dangerous file types and contents, which removes the unrestricted-upload condition itself.
- Restrict classes of information inputs, such as executable files, to authorized users or processes, so that a web shell cannot be written into the exposed directory even by an authenticated user.
- CM-7 (Least Functionality): limit the system to essential capabilities by disabling upload endpoints that are not needed, /softdial/phpconsole/upload.php included, which eliminates the vulnerable functionality outright.
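As an added example of what the input-validation control above means in code: this is illustrative Python written for this page, not Sytel's upload.php or any vendor fix, and the accepted types, size limit and sample inputs are constructed. It shows a handler that decides on file content and an allow-list rather than on the client-supplied name, beside the deny-list check that CWE-434 endpoints typically rely on.

```python
import os
import secrets

# Allow-list of accepted extensions and the leading bytes genuine files of that type carry.
# Constructed for this example; a deployment defines its own list.
ALLOWED_TYPES = {
    "png": (b"\x89PNG\r\n\x1a\n",),
    "jpg": (b"\xff\xd8\xff",),
    "pdf": (b"%PDF-",),
    "csv": (),   # plain text has no magic bytes; checked with _looks_textual instead
}
MAX_UPLOAD_BYTES = 5 * 1024 * 1024
PHP_OPEN_TAGS = (b"<?php", b"<?=")

# Constructed sample inputs for the self-check at the bottom.
SAMPLE_PNG = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16
SAMPLE_SHELL = b"<?php system($_GET['c']); ?>"


class UploadRejected(ValueError):
    """Raised with a short reason when an upload fails validation."""


def naive_accepts(client_name):
    """The kind of check CWE-434 handlers often rely on: a deny-list on the
    client-supplied name. It lets shell.phtml, shell.php5 and .htaccess through."""
    return not client_name.lower().endswith(".php")


def _looks_textual(data):
    try:
        text = data.decode("utf-8")
    except UnicodeDecodeError:
        return False
    return all(ch in "\t\r\n" or ch >= " " for ch in text)


def validate_upload(client_name, data):
    """Validate an upload and return the name the server will store it under.

    Every decision is made on the content and an allow-list, never on the
    client-supplied name or Content-Type alone. Raises UploadRejected otherwise."""
    if not data or len(data) > MAX_UPLOAD_BYTES:
        raise UploadRejected("empty or oversized upload")
    # Strip directory components so "../../x.png" or "C:\\x.png" cannot steer the write.
    base = os.path.basename(client_name.replace("\\", "/"))
    if "\x00" in base:
        raise UploadRejected("NUL byte in filename")
    parts = base.lower().split(".")
    # Exactly one extension: blocks shell.php.png and dotfiles such as .htaccess.
    if len(parts) != 2 or not parts[0] or not parts[1]:
        raise UploadRejected("filename must be name.ext with a single extension")
    ext = parts[1]
    if ext not in ALLOWED_TYPES:
        raise UploadRejected(f"extension {ext!r} is not allow-listed")
    magics = ALLOWED_TYPES[ext]
    if magics and not any(data.startswith(m) for m in magics):
        raise UploadRejected("content does not match the declared type")
    if not magics and not _looks_textual(data):
        raise UploadRejected("binary content in a text upload")
    # Defence in depth against polyglot files: refuse anything carrying a PHP open tag.
    head = data[:65536].lower()
    if any(tag in head for tag in PHP_OPEN_TAGS):
        raise UploadRejected("PHP open tag found in upload")
    # The server picks the stored name; the client's name never reaches the filesystem.
    return f"{secrets.token_hex(16)}.{ext}"


def is_accepted(client_name, data):
    """Boolean convenience wrapper around validate_upload."""
    try:
        validate_upload(client_name, data)
        return True
    except UploadRejected:
        return False


if __name__ == "__main__":
    print("deny-list lets shell.phtml through:", naive_accepts("shell.phtml"))
    print("allow-list stores avatar.png as:", validate_upload("avatar.png", SAMPLE_PNG))
    print("allow-list accepts cmd.php:", is_accepted("cmd.php", SAMPLE_SHELL))
```

Two things the code cannot do for you belong with the CM-7 control: write the returned name into a directory that the web server serves with script handlers disabled (or outside the web root, served through a download handler), and keep the endpoint behind authentication that is actually enforced. If the deployment does not need uploads at all, removing the endpoint is the stronger control.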