Mitel Issues Security Updates for MiVoice and MiCollab
Mitel has released critical security updates that address significant vulnerabilities in its MiVoice MX-ONE and MiCollab products. These updates are essential for protecting user data and maintaining the integrity of the systems.
Authentication Bypass in MiVoice MX-ONE
Mitel has flagged an alarming authentication bypass vulnerability within the Provisioning Manager component of MiVoice MX-ONE. This flaw could enable unauthorized individuals to gain access to user or administrative accounts without proper authentication. In an advisory released on Wednesday, Mitel emphasized the severity of this issue, noting it results from inadequate access controls.
The implications of such a security breach are considerable. If attackers exploit this vulnerability, they could manipulate system settings or access sensitive user information, posing a real risk to organizational security.
Vulnerability Details
This vulnerability, which currently does not have a CVE identifier, has received a CVSS score of 9.4 out of 10. The affected versions span from MiVoice MX-ONE 7.3 (7.3.0.0.50) through 7.8 SP1 (7.8.1.0.14). Mitel has provided patches MXO-15711_78SP0 and MXO-15711_78SP1 for versions 7.8 and 7.8 SP1, respectively.
Customers using MiVoice MX-ONE version 7.3 and above are encouraged to promptly request patches from their authorized service partners to secure their systems.
Recommended Mitigations
Until users can implement the suggested patches, Mitel advises minimizing direct exposure of MX-ONE services to the public internet. Instead, placing these services within a trusted internal network can help mitigate potential exploitation risks during this period.
High-Severity SQL Injection Vulnerability in MiCollab
In addition to the MX-ONE vulnerability, Mitel has addressed a significant flaw in its MiCollab software. This high-severity vulnerability (CVE-2025-52914), rated 8.8 on the CVSS scale, could allow authenticated attackers to conduct SQL injection attacks. Successful exploitation enables unauthorized access to user provisioning data and the execution of arbitrary SQL commands, potentially jeopardizing the confidentiality and integrity of the system.
Affected Versions and Resolutions
The MiCollab vulnerability affects versions 10.0 (10.0.0.26) through 10.0 SP1 FP1 (10.0.1.101), as well as earlier releases of 9.8 SP3 (9.8.3.1). Mitel has resolved the issue in versions 10.1 (10.1.0.10) and 9.8 SP3 FP1 (9.8.3.103).
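The version ranges quoted above for MiVoice MX-ONE and MiCollab can be checked against an asset inventory. The following Python script is an added example, not code from Mitel or from this article; the hostnames, the inventory layout, and the reading of the third build component as the service pack are assumptions.

```python
# Added example: triage an inventory against the version ranges quoted in this article.
# Hostnames and the inventory layout are constructed for illustration.

def parse(version):
    """Turn a dotted build string such as '7.8.1.0.14' into a comparable tuple."""
    return tuple(int(part) for part in version.strip().split("."))

# MiVoice MX-ONE: affected range from the article (inclusive at both ends).
MXONE_FIRST, MXONE_LAST = parse("7.3.0.0.50"), parse("7.8.1.0.14")
# Patch IDs from the article. Assumption: the third component is the service pack.
MXONE_PATCHES = {(7, 8, 0): "MXO-15711_78SP0", (7, 8, 1): "MXO-15711_78SP1"}
# MiCollab: fixed builds from the article, keyed by major version.
MICOLLAB_FIXED = {9: parse("9.8.3.103"), 10: parse("10.1.0.10")}

def triage(product, version):
    """Return (needs_action, note) for one installed product build."""
    v = parse(version)
    if product == "mx-one":
        if not (MXONE_FIRST <= v <= MXONE_LAST):
            return False, "outside the affected range"
        # Assumption: the build string does not show whether a patch is
        # installed, so every in-range host is flagged for follow-up.
        patch = MXONE_PATCHES.get(v[:3])
        if patch:
            return True, f"apply {patch}"
        return True, "request a patch from the service partner"
    if product == "micollab":
        fixed = MICOLLAB_FIXED.get(v[0])
        if fixed is None:
            return True, "branch not covered by the article, check the advisory"
        # Assumption: any build below the fixed build of its branch needs the update.
        if v < fixed:
            return True, "update to " + ".".join(map(str, fixed))
        return False, "at or above the fixed build"
    raise ValueError(f"unknown product: {product}")

# Constructed sample inventory: (host, product, installed build).
INVENTORY = [
    ("pbx-01", "mx-one", "7.8.1.0.14"),
    ("pbx-02", "mx-one", "7.2.0.0.10"),
    ("uc-01", "micollab", "10.0.1.101"),
    ("uc-02", "micollab", "9.8.3.103"),
]

def report(inventory):
    return {host: triage(product, version) for host, product, version in inventory}

if __name__ == "__main__":
    for host, (needs_action, note) in report(INVENTORY).items():
        print(f"{host}: {'ACTION' if needs_action else 'ok'} - {note}")
```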
Urgent Call to Action
Given the history of active attacks targeting Mitel devices, it’s crucial for users to act swiftly. Implementing these updates is essential to safeguarding against potential threats that could exploit these vulnerabilities. Regularly updating software and applying security patches can dramatically reduce the risk of cyber threats, ensuring both user data and company systems remain secure.
By prioritizing these security updates, organizations can better defend against the evolving landscape of network security vulnerabilities and maintain robust operational integrity.


