- A bug in MiVoice MX-ONE granted administrative access
- A vulnerability in MiCollab allows arbitrary command execution
- Fixes have been published for both, so users should update now
Mitel Networks has fixed two important vulnerabilities in its products that could be abused to obtain administrative access and deploy malicious code on compromised endpoints.
In a security advisory, Mitel said it had discovered a critical-severity authentication bypass flaw in MiVoice MX-ONE, its enterprise-grade Unified Communications & Collaboration (UCC) platform. MX-ONE is designed to scale from hundreds to more than 100,000 users in a single distributed or centralized SIP system, and supports on-premises and private/public cloud deployments.
An improper access control weakness was discovered in the Provisioning Manager component, which could allow threat actors to obtain administrative access without victim interaction.
Published patches
At press time, the bug had not yet received a CVE, but it was given a severity score of 9.4/10 (critical).
It affects versions 7.3 (7.3.0.50.50) to 7.8 SP1 (7.8.1.0.14), and was addressed in versions 7.8 (MXO-15711_78SP0) and 7.8 SP1 (MXO-15711_78SP1).
“Do not expose MX-ONE services directly to the public Internet. Make sure the MX-ONE system is deployed in a trusted network. The risk can be reduced by restricting access to the Provisioning Manager,” said Mitel in the advisory.
The second flaw it fixed is a high-severity SQL injection vulnerability found in MiCollab, the company’s collaboration platform. It is tracked as CVE-2025-52914 and allows threat actors to execute arbitrary SQL database commands.
The good news is that there is still no evidence that these two flaws have been exploited in the wild, so it is safe to assume that no threat actor has found them yet.
However, many cybercriminals simply wait for news of a vulnerability to break, betting that many organizations will fail to patch their systems in time.
Although this somewhat reduces the number of potential victims, it makes compromising the others easier, and the number is often still high enough to give threat actors an incentive.
Via BleepingComputer