CVE-2025-2494 HIGH

CVE-2025-2494: Unrestricted file upload vulnerability in Softdial Contact Center

Vendor Sytel Ltd
Product Softdial Contact Center
Weakness CWE-434 · Unrestricted file upload
Published March 18, 2025
Last update March 18, 2025

CVSS base score

8.7/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

Unrestricted file upload to Softdial Contact Center of Sytel Ltd. This vulnerability could allow an attacker to upload files to the server via the ‘/softdial/phpconsole/upload.php’ endpoint, which is protected by basic HTTP authentication. The files are uploaded to a directory exposed by the web application, which could result in code execution, giving the attacker full control over the server.

Key dates

02Disclosure timeline

March 18, 2025 CVE published
March 18, 2025 Record updated