File Read Vulnerability in Zenitel AlphaCom Products
CVE-2025-59819

6.5MEDIUM

Key Information:

Vendor: Zenitel
Status: Alphacom Xe Audio Server
Vendor: CVE Published:; 20 February 2026

What is CVE-2025-59819?

This vulnerability in Zenitel's AlphaCom product line allows authenticated attackers to exploit a flaw in the file path parameter handling. By manipulating this parameter, attackers can gain unauthorized access to files on the server, potentially exposing sensitive information. This poses significant risks to data integrity and confidentiality, making it critical for organizations using these products to implement necessary security measures.

Affected Version(s)

alphacom_xe_audio_server *

References

https://www.zenitel.com/sites/default/files/2025-12/A100K...

vendor-advisory

https://wiki.zenitel.com/wiki/AlphaCom_13.02_-_Release_Notes

release-notes

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 20, 2026
Vulnerability Reserved
Sep 22, 2025

CVE-2025-59819 Data

JSON