Cyber Resilience

CVE-2025-32106

Critical · Public PoC · RCE

Published: 03 June 2025

Modified: 18 June 2025
KEV Added
Patch
CVSS Score v3.1: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0234 (85.2th percentile)
Risk Priority: 21 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-32106 is a critical-severity Code Injection (CWE-94) vulnerability in AudioCodes MP-112 firmware. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 14.8% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

Deeper analysis

CVE-2025-32106 affects AudioCodes Mediapack MP-11x devices running firmware through version 6.60A.369.002. The flaw is an instance of CWE-94 in which a crafted POST request can be used to inject and execute arbitrary code on the device. The vulnerability carries a CVSS 3.1 base score of 9.8, reflecting a network-reachable, low-complexity attack that requires no privileges or user interaction and has high impact on confidentiality, integrity, and availability.

An unauthenticated remote attacker can submit a specially formed POST request to the affected web interface and obtain the ability to run unauthorized code. Successful exploitation grants the attacker the same privileges as the process handling the request, enabling arbitrary command execution without prior authentication or user interaction.

The listed references point to the vendor site and two technical reports hosted on GitHub; no explicit patch or mitigation guidance is supplied in the available data. The associated EPSS score remains flat at 0.0234 with no observed increase after disclosure.

Vulnerability details

In Audiocodes Mediapack MP-11x through 6.60A.369.002, a crafted POST request may result in an unauthenticated remote user's ability to execute unauthorized code.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1190: Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

The vulnerability enables unauthenticated remote code execution via a crafted POST request to the Audiocodes Mediapack MP-11x web interface, a public-facing application.

Affected Assets

audiocodes · mp-112 firmware · ≤ 6.60A.369.002
audiocodes · mp-114 firmware · ≤ 6.60A.369.002
audiocodes · mp-118 firmware · ≤ 6.60A.369.002

Mitigating Controls

Likely Mitigating Controls (AI)

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-94

Makes persistent code injection into loaded programs impossible when the executable image itself resides on hardware-protected read-only media.

addresses: CWE-94

Dynamically generated code can be produced and executed inside the isolated chamber, preventing host compromise from code-injection payloads.

addresses: CWE-94

Validates inputs used in dynamic code generation to block injected directives.

addresses: CWE-94

Directly prevents execution of attacker-supplied code written into data memory regions.
