CVE advisoryCRITICAL
CVE-2025-1782
Authenticated user can gain full server control via HylaFAX Web Interface.
Halo Surface Signal: 3 out of 5 — possibly public-facing.
An internal attacker with authenticated access could run any code as the web server in HylaFAX Enterprise Web Interface and AvantFAX, potentially accessing sensitive files or data. This matters because it could allow full compromise of the affected web server.