Jul 24, 2025Ravie LakshmananVulnerability / Community Safety
Mitel has launched safety updates to deal with a important safety flaw in MiVoice MX-ONE that might permit an attacker to bypass authentication protections.
“An authentication bypass vulnerability has been recognized within the Provisioning Supervisor part of Mitel MiVoice MX-ONE, which, if efficiently exploited, might permit an unauthenticated attacker to conduct an authentication bypass assault on account of improper entry management,” the corporate stated in an advisory launched Wednesday.
“A profitable exploit of this vulnerability might permit an attacker to realize unauthorized entry to person or admin accounts within the system.”
The shortcoming, which is but to be assigned a CVE identifier, carries a CVSS rating of 9.4 out of a most of 10.0. It impacts MiVoice MX-ONE variations from 7.3 (7.3.0.0.50) to 7.8 SP1 (7.8.1.0.14).
Patches for the problem have been made out there in MXO-15711_78SP0 and MXO-15711_78SP1 for MX-ONE variations 7.8 and seven.8 SP1, respectively. Clients utilizing MiVoice MX-ONE model 7.3 and above are really helpful to submit a patch request to their licensed service companion.
As mitigations till fixes may be utilized, it is suggested to restrict direct publicity of MX-ONE companies to the general public web and be sure that they’re positioned inside a trusted community.
Together with the authentication bypass flaw, Mitel has shipped updates to resolve a high-severity vulnerability in MiCollab (CVE-2025-52914, CVSS rating: 8.8) that, if efficiently exploited, might allow an authenticated attacker to hold out an SQL injection assault.
“A profitable exploit might permit an attacker to entry person provisioning info and execute arbitrary SQL database instructions with potential impacts on the confidentiality, integrity, and availability of the system,” Mitel stated.
The vulnerability, which impacts MiCollab variations 10.0 (10.0.0.26) to 10.0 SP1 FP1 (10.0.1.101) and 9.8 SP3 (9.8.3.1) and earlier, has been resolved in variations 10.1 (10.1.0.10), 9.8 SP3 FP1 (9.8.3.103), and later.
With shortcomings in Mitel gadgets coming beneath energetic assaults up to now, it is important that customers transfer rapidly to replace their installations as quickly as attainable to mitigate potential threats.
