Mitel Networks has launched safety updates to patch a critical-severity authentication bypass vulnerability impacting its MiVoice MX-ONE enterprise communications platform.
MX-ONE is the corporate’s SIP-based communications system, which may scale to assist tons of of 1000’s of customers.
The vital safety flaw is because of an improper entry management weak spot found within the MiVoice MX-ONE Provisioning Supervisor element and has but to be assigned a CVE ID. Unauthenticated attackers can exploit it in low-complexity assaults that do not require consumer interplay to realize unauthorized entry to administrator accounts on unpatched programs.
In keeping with Mitel, the vulnerability impacts MiVoice MX-ONE operating variations 7.3 (7.3.0.0.50) to 7.8 SP1 (7.8.1.0.14) and was patched in variations 7.8 (MXO-15711_78SP0) and seven.8 SP1 (MXO-15711_78SP1).
“Don’t expose the MX-ONE providers on to the general public web. Be certain that the MX-ONE system is deployed inside a trusted community. The chance could also be mitigated by proscribing entry to the Provisioning Supervisor service,” Mitel mentioned.
Clients operating MiVoice MX-ONE model 7.3 and later are suggested to submit a patch request to the corporate by their approved service associate.
Immediately, Mitel additionally disclosed a high-severity SQL injection vulnerability (CVE-2025-52914) in its MiCollab collaboration platform, which will be abused to execute arbitrary SQL database instructions on unpatched gadgets.
Whereas these two safety bugs haven’t been tagged as exploited within the wild, CISA warned U.S. federal businesses in January of a MiCollab path traversal vulnerability (CVE-2024-55550) utilized in assaults and allowed authenticated risk actors with admin privileges to learn arbitrary information on susceptible servers.
One month earlier, the corporate patched a MiCollab arbitrary file learn zero-day bug (CVE-2024-41713) found by watchTowr Labs researchers, which might let attackers entry information on a server’s file system.
Mitel’s merchandise are used by over 60,000 prospects and greater than 75 million customers throughout numerous sectors, together with schooling, healthcare, monetary providers, manufacturing, and authorities.
Comprise rising threats in actual time – earlier than they affect what you are promoting.
Find out how cloud detection and response (CDR) provides safety groups the sting they want on this sensible, no-nonsense information.