Mitel Releases Security Advisory for Mitel SIP Phones
Summary
Mitel releases security advisory addressing two vulnerabilities in Mitel SIP Phones
Affected platforms
The following platforms are known to be affected:
Threat details
Introduction
Mitel has released a security advisory addressing two vulnerabilities in Mitel SIP Phones, including the Mitel 6800 Series, 6900 Series, 6900w Series and 6970 Conference Unit.
CVE-2025-47188 has a CVSSv3 base score of 9.8 and is a 'command injection' vulnerability that could allow an unauthenticated attacker to inject and execute arbitrary commands on the device. Exploitation could lead to disclosure or modification of sensitive system and user configuration data that could potentially impact device availability and operation.
CVE-2025-47187 has a CVSSv3 base score of 5.3 and is an 'unauthenticated file upload' vulnerability that could allow an unauthenticated attacker to upload arbitrary files to the device, which may lead to storage exhaustion without affecting the device's availability or operation.
Remediation advice
Affected organisations are encouraged to review the latest Mitel Security Advisory and upgrade to version R6.4.0.SP5 (or above) as soon as practicable.
Definitive source of threat updates
CVE Vulnerabilities
Last edited: 12 May 2025 1:57 pm