← volver
CVE-2025-47188

CVE-2025-47188

CVSS 6.5 MEDIUMEPSS 48.5%CWE-77
Vexday Risk Score
40Atención
Decisión SSVC (CISA)
Attend
PoC disponible → seguir de cerca
CVSS 6.5EPSS 48.5%KEV nãoPoC Nuclei simMetasploit Patch
Ciclo de vida
07 ago 2025Publicada en NVD
Recomendación: Planificar corrección próxima — ya existe PoC pública.
A vulnerability in the Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones through 6.4 SP4 (R6.4.0.4006), and the 6970 Conference Unit through 6.4 SP4 (R6.4.0.4006) or version V1 R0.1.0, could allow an unauthenticated attacker to conduct a command injection attack due to insufficient parameter sanitization. A successful exploit could allow an attacker to execute arbitrary commands within the context of the phone, leading to disclosure or modification of sensitive configuration data or affecting device availability and operation.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Productos afectados
n/a · n/a

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://www.mitel.com/support/security-advisorieshttps://www.mitel.com/support/security-advisories/mitel-product-security-advisory-misa-2025-0004