Mitel Networks has launched safety updates to patch a critical-severity authentication bypass vulnerability impacting its MiVoice MX-ONE enterprise communications platform.
MX-ONE is the corporate’s SIP-based communications system, which may scale to assist a whole lot of 1000’s of customers.
The vital safety flaw is because of an improper entry management weak spot found within the MiVoice MX-ONE Provisioning Supervisor part and has but to be assigned a CVE ID. Unauthenticated attackers can exploit it in low-complexity assaults that do not require person interplay to realize unauthorized entry to administrator accounts on unpatched methods.
Based on Mitel, the vulnerability impacts MiVoice MX-ONE working variations 7.3 (7.3.0.0.50) to 7.8 SP1 (7.8.1.0.14) and was patched in variations 7.8 (MXO-15711_78SP0) and seven.8 SP1 (MXO-15711_78SP1).
“Don’t expose the MX-ONE companies on to the general public web. Be certain that the MX-ONE system is deployed inside a trusted community. The chance could also be mitigated by limiting entry to the Provisioning Supervisor service,” Mitel mentioned.
Prospects working MiVoice MX-ONE model 7.3 and later are suggested to submit a patch request to the corporate by their licensed service accomplice.
Immediately, Mitel additionally disclosed a high-severity SQL injection vulnerability (CVE-2025-52914) in its MiCollab collaboration platform, which could be abused to execute arbitrary SQL database instructions on unpatched gadgets.
Whereas these two safety bugs haven’t been tagged as exploited within the wild, CISA warned U.S. federal businesses in January of a MiCollab path traversal vulnerability (CVE-2024-55550) utilized in assaults and allowed authenticated risk actors with admin privileges to learn arbitrary information on weak servers.
One month earlier, the corporate patched a MiCollab arbitrary file learn zero-day bug (CVE-2024-41713) found by watchTowr Labs researchers, which might let attackers entry information on a server’s file system.
Mitel’s merchandise are used by over 60,000 prospects and greater than 75 million customers throughout varied sectors, together with training, healthcare, monetary companies, manufacturing, and authorities.
CISOs know that getting board buy-in begins with a transparent, strategic view of how cloud safety drives enterprise worth.
This free, editable board report deck helps safety leaders current danger, impression, and priorities in clear enterprise phrases. Flip safety updates into significant conversations and quicker decision-making within the boardroom.
