June 16, 2025

Mitel MiCollab critical advisory; POC for flaws in Mitel SIP phones

Researchers published a proof-of-concept (POC) exploit for a critical vulnerability in Mitel SIP (Session Initiation Protocol) phones.

The vulnerability, CVE-2025-47188, could allow for the execution of malicious commands within the context of the phone if successfully exploited. This could lead to disclosure or modification of sensitive system and user configuration data, and potentially affect device availability and operation.

The vulnerability has been assigned a CVSS score of 9.3, and Mitel fixed it in May 2025.

On June 11, Mitel also released an advisory on a separate critical vulnerability in MiCollab that can be exploited remotely and without authentication. The flaw, which does not currently have a CVE identifier, received a CVSS score of 9.8. It could allow an attacker to gain unauthorized access to non-sensitive user and network information and to perform unauthorized administrative actions on the MiCollab Server.

A patch is included in versions 9.8 SP3 (9.8.3.1) and later. MiCollab 10.0.0.26 and later versions are not affected.

Analysis:

Earlier this year, threat actors exploited similar vulnerabilities in Mitel products. These popular communications tools are used by corporations, small to medium-sized businesses, and companies operating remotely, making them attractive targets. We recommend verifying that the latest patches are applied to these products.