Mitel Patches Critical Flaw Opening MiVoice MX-ONE to Takeover
A serious vulnerability in Mitel's MiVoice MX-ONE phone system could allow attackers to completely bypass login security, potentially granting them full administrative control. Mitel has issued patches to address the issue, urging users to update immediately.

A serious security vulnerability has been discovered in MiVoice MX-ONE, and you'll want to patch it ASAP. This flaw could allow attackers to sneak past authentication and gain unauthorized access.
Mitel itself warned that this "authentication bypass vulnerability" in the Provisioning Manager component is a big deal. An attacker could potentially bypass security measures due to "improper access control."
What's the worst that could happen? Well, a successful exploit could give hackers unauthorized access to both regular user and admin accounts. Not good!
This vulnerability, currently awaiting a CVE identifier, has a scary CVSS score of 9.4 out of 10. It affects MiVoice MX-ONE versions 7.3 (7.3.0.0.50) through 7.8 SP1 (7.8.1.0.14).
The good news? Patches are already available! Look for MXO-15711_78SP0 and MXO-15711_78SP1 for MX-ONE versions 7.8 and 7.8 SP1, respectively. If you're running version 7.3 or higher, Mitel recommends requesting a patch from your authorized service partner.
In the meantime, while you're waiting for the fix, Mitel suggests limiting direct exposure of MX-ONE services to the public internet. Keep them tucked away within a trusted network for now.
Another Vulnerability: MiCollab SQL Injection
But wait, there's more! Mitel also released updates to fix a high-severity vulnerability (CVE-2025-52914, CVSS score: 8.8) in MiCollab. This one could allow an authenticated attacker to launch an SQL injection attack.
Mitel explains that a successful exploit could let attackers access user provisioning information and even execute arbitrary SQL database commands. This could compromise the confidentiality, integrity, and availability of your system.
This MiCollab vulnerability impacts versions 10.0 (10.0.0.26) through 10.0 SP1 FP1 (10.0.1.101), as well as 9.8 SP3 (9.8.3.1) and earlier. You'll want to upgrade to versions 10.1 (10.1.0.10), 9.8 SP3 FP1 (9.8.3.103), or later to be protected.
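To turn the MX-ONE and MiCollab version ranges above into an inventory check, here is an added example (not from Mitel or the original article) that sorts builds into affected, fixed, or unlisted. The hostnames and builds are constructed, and mapping 7.8.0.x to "7.8" and 7.8.1.x to "7.8 SP1" is an assumption based on the build numbers quoted above.

```python
# Added example: flag inventory entries against the version ranges quoted in the article.
def parse(version, width=5):
    """Turn '7.8.1.0.14' into (7, 8, 1, 0, 14); numeric compare avoids the
    string-compare trap where '7.8.1.0.5' sorts after '7.8.1.0.14'."""
    parts = [int(p) for p in version.strip().split(".")]
    return tuple(parts + [0] * (width - len(parts)))

def triage_mxone(version):
    v = parse(version)
    if not parse("7.3.0.0.50") <= v <= parse("7.8.1.0.14"):
        return ("unlisted", "outside the affected range quoted in the article")
    # Assumption: 7.8.0.x builds are "7.8" and 7.8.1.x builds are "7.8 SP1".
    if v[:3] == (7, 8, 0):
        return ("affected", "apply MXO-15711_78SP0")
    if v[:3] == (7, 8, 1):
        return ("affected", "apply MXO-15711_78SP1")
    return ("affected", "request a patch from your authorized service partner")

def triage_micollab(version):
    v = parse(version)
    if v >= parse("10.1.0.10") or parse("9.8.3.103") <= v < parse("10.0"):
        return ("fixed", "no action for CVE-2025-52914")
    if parse("10.0.0.26") <= v <= parse("10.0.1.101"):
        return ("affected", "upgrade to 10.1.0.10 or later")
    if v <= parse("9.8.3.1"):
        return ("affected", "upgrade to 9.8.3.103 or later")
    # Builds between the quoted ranges are not classified by the article.
    return ("unlisted", "build not classified in the article; check with Mitel")

TRIAGE = {"mx-one": triage_mxone, "micollab": triage_micollab}

# Constructed inventory (hostnames and builds are made up for illustration).
INVENTORY = [
    ("pbx-hq", "mx-one", "7.8.1.0.5"),
    ("pbx-lab", "mx-one", "7.8.0.0.33"),
    ("pbx-old", "mx-one", "7.4.1.2.3"),
    ("collab-1", "micollab", "10.0.1.101"),
    ("collab-2", "micollab", "9.8.3.103"),
    ("collab-3", "micollab", "9.8.3.50"),
]

def triage(inventory):
    """Return {host: (status, action)} for every inventory entry."""
    return {host: TRIAGE[product](ver) for host, product, ver in inventory}

if __name__ == "__main__":
    for host, (status, action) in triage(INVENTORY).items():
        print(f"{host:9} {status:9} {action}")
```

Anything reported as "unlisted" falls outside what the article states, so treat it as unknown rather than safe.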
Why This Matters
Mitel devices have been targeted in the past and have even been involved in active attacks. It's super important to update your systems as quickly as possible to avoid becoming a victim.