Mitel Releases Security Advisories for MiVoice MX-ONE and MiCollab
Summary
A critical authentication bypass vulnerability could allow a remote unauthenticated attacker to gain unauthorised access to user or admin accounts
Affected platforms
The following platforms are known to be affected:
Threat details
Introduction
Mitel has released security advisories to address vulnerabilities in Mitel MiVoice MX-ONE and MiCollab, which are cloud-based platforms that help manage business communications.
The critical vulnerability, which has no CVE identifier at the time of publishing this Cyber Alert, is an authentication bypass in Mitel MiVoice MX-ONE with a CVSSv3 score of 9.4. Successful exploitation could allow a remote unauthenticated attacker to gain unauthorised access to user or admin accounts in the system.
The high-severity vulnerability, CVE-2025-52914, is a SQL injection in MiCollab with a CVSSv3 score of 8.8. Successful exploitation could allow an authenticated attacker to gain unauthorised access to provisioning information and execute arbitrary SQL database commands.
Remediation advice
Affected organisations are encouraged to review Mitel Security Advisories and apply any relevant updates.
Remediation steps
| Type | Step |
|---|---|
| Patch | Mitel Product Security Advisory MISA-2025-0008 MiCollab SQL injection Vulnerability https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-misa-2025-0008 |
| Patch | Mitel Product Security Advisory MISA-2025-0009 MX-ONE Authentication Bypass Vulnerability https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-misa-2025-0009 |
Definitive source of threat updates
CVE Vulnerabilities
Last edited: 24 July 2025 2:40 pm