Mitel Networks has released security updates to patch a critical-severity authentication bypass vulnerability impacting its MiVoice MX-ONE enterprise communications platform.
MX-ONE is the company’s SIP-based communications system, which can scale to support hundreds of thousands of users.
The critical security flaw is due to an improper access control weakness discovered in the MiVoice MX-ONE Provisioning Manager component and has yet to be assigned a CVE ID. Unauthenticated attackers can exploit it in low-complexity attacks that do not require user interaction to gain unauthorized access to administrator accounts on unpatched systems.
According to Mitel, the vulnerability impacts MiVoice MX-ONE running versions 7.3 (7.3.0.0.50) to 7.8 SP1 (7.8.1.0.14) and was patched in versions 7.8 (MXO-15711_78SP0) and 7.8 SP1 (MXO-15711_78SP1).
“Do not expose the MX-ONE services directly to the public internet. Ensure that the MX-ONE system is deployed within a trusted network. The risk may be mitigated by restricting access to the Provisioning Manager service,” Mitel said.
Customers running MiVoice MX-ONE version 7.3 and above are advised to submit a patch request to the company through their authorized service partner.
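As an added example (not Mitel's code or tooling), the affected range and patch IDs above can be turned into an inventory triage check that compares versions field by field rather than as strings. The inventory rows, the status labels and the reading of the third version field as the service-pack number are assumptions.

```python
from typing import Iterable

# Bounds and patch IDs as given in the advisory text above.
AFFECTED_MIN = (7, 3, 0, 0, 50)   # 7.3 (7.3.0.0.50)
AFFECTED_MAX = (7, 8, 1, 0, 14)   # 7.8 SP1 (7.8.1.0.14)
# Assumption: the third version field is the service-pack number.
PATCH_IDS = {(7, 8, 0): "MXO-15711_78SP0", (7, 8, 1): "MXO-15711_78SP1"}


def parse_version(text: str) -> tuple:
    """Turn '7.8.1.0.14' into a 5-field integer tuple; reject anything else."""
    parts = text.strip().split(".")
    if len(parts) != 5 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unexpected MX-ONE version string: {text!r}")
    return tuple(int(p) for p in parts)


def triage(version: str, applied_patches: Iterable[str] = ()) -> str:
    """Return 'outside-range', 'patched', 'needs-patch' or 'no-listed-patch'."""
    v = parse_version(version)
    # Integer tuples compare numerically, so 7.10 sorts after 7.8 (strings would not).
    if not (AFFECTED_MIN <= v <= AFFECTED_MAX):
        return "outside-range"       # not covered by the range in this advisory
    patch = PATCH_IDS.get(v[:3])
    if patch is None:
        return "no-listed-patch"     # affected; raise a patch request with the partner
    return "patched" if patch in set(applied_patches) else "needs-patch"


# Constructed inventory rows (hypothetical hosts): (host, version, applied patch IDs).
INVENTORY = [
    ("pbx-a", "7.8.1.0.14", ["MXO-15711_78SP1"]),
    ("pbx-b", "7.8.0.0.20", []),
    ("pbx-c", "7.5.0.0.3", []),
    ("pbx-d", "7.2.3.0.10", []),
]


def report(rows=INVENTORY) -> dict:
    """Map each host to its triage status."""
    return {host: triage(ver, patches) for host, ver, patches in rows}


if __name__ == "__main__":
    for host, status in report().items():
        print(f"{host}: {status}")
```

Hosts reported as `needs-patch` or `no-listed-patch` are also the ones where access to the Provisioning Manager service should be restricted until the patch is in place.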
Today, Mitel also disclosed a high-severity SQL injection vulnerability (CVE-2025-52914) in its MiCollab collaboration platform, which can be abused to execute arbitrary SQL database commands on unpatched devices.
While these two security bugs have not been tagged as exploited in the wild, CISA warned U.S. federal agencies in January of a MiCollab path traversal vulnerability (CVE-2024-55550) that was used in attacks and allowed authenticated threat actors with admin privileges to read arbitrary files on vulnerable servers.
One month earlier, the company patched a MiCollab arbitrary file read zero-day bug (CVE-2024-41713) discovered by watchTowr Labs researchers, which could let attackers access files on a server’s file system.
Mitel’s products are used by over 60,000 customers and more than 75 million users across various sectors, including education, healthcare, financial services, manufacturing, and government.




