How to fix CVE-2025-32105?

Within 24 hours: Identify all Sangoma IMG2020 instances running version 2.3.9.6 or earlier and isolate them from untrusted networks. Within 7 days: Implement WAF rules to block malicious HTTP requests targeting the vulnerable endpoint, restrict HTTP server access to authorized IP ranges only, and disable unnecessary HTTP services if feasible. Within 30 days: Monitor vendor communications for patch availability and prepare emergency patching procedures; consider alternative platforms if patch is not released within 60 days.

Is Img2020 Firmware affected by CVE-2025-32105?

A critical remote code execution vulnerability (CVE-2025-32105) affects Sangoma IMG2020 HTTP servers up to version 2.3.9.6, allowing unauthenticated attackers to execute arbitrary code.

CVE-2025-32105

EUVD-2025-16751 CRITICAL

2025-06-03 [email protected]

Buffer Overflow RCE Img2020 Firmware

9.8

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

EUVD ID Assigned

Mar 14, 2026 - 17:04 euvd

EUVD-2025-16751

Analysis Generated

Mar 14, 2026 - 17:04 vuln.today

PoC Detected

Jun 18, 2025 - 14:15 vuln.today

Public exploit code

CVE Published

Jun 03, 2025 - 17:15 nvd

CRITICAL 9.8

DescriptionNVD

A buffer overflow in the the Sangoma IMG2020 HTTP server through 2.3.9.6 allows an unauthenticated user to achieve remote code execution.

AnalysisAI

Buffer overflow in Sangoma IMG2020 HTTP server through 2.3.9.6. EPSS 0.74%. PoC available.

Technical ContextAI

CWE-120.

RemediationAI

Update.

CVE-2025-32105 vulnerability details – vuln.today

Back

CVE-2025-32105

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Technical ContextAI

RemediationAI

Share

External POC / Exploit Code