Mitel Releases Security Advisory for MiCollab
Summary
Critical path traversal vulnerability could allow a remote unauthenticated attacker to perform unauthorised administrative actions
Affected platforms
The following platforms are known to be affected:
Threat details
Introduction
Mitel has released a security advisory to address a critical severity vulnerability in Mitel MiCollab. MiCollab is a cloud-based platform that integrates chat, voice, video, and SMS messaging for teams.
The vulnerability, which had no CVE identifier at the time of publication, is a "path traversal" vulnerability with a CVSSv3 score of 9.8. Successful exploitation could allow a remote unauthenticated attacker to gain unauthorised access to provisioning information and to perform unauthorised administrative actions on the MiCollab server.
Similar MiCollab vulnerability previously saw widespread exploitation
In December 2024, NHS England published high severity Cyber Alert (HSA) CC-4588 for a near-identical vulnerability, CVE-2024-41713, that was under active exploitation and had a public proof-of-concept exploit.
Due to similarities with CVE-2024-41713, the NHS England National CSOC assesses future exploitation of this new vulnerability as highly likely.
Remediation advice
Affected organisations are strongly encouraged to review Mitel Security Advisory MISA-2025-0007 and update MiCollab to the latest version as soon as possible.
Definitive source of threat updates
Last edited: 12 June 2025 11:58 am