← voltar
CVE-2025-47188

CVE-2025-47188

CVSS 6.5 MEDIUMEPSS 48.5%CWE-77
Vexday Risk Score
40Atenção
Decisão SSVC (CISA)
Attend
PoC disponível → acompanhar de perto
CVSS 6.5EPSS 48.5%KEV nãoPoC Nuclei simMetasploit Patch
Ciclo de vida
07 ago 2025Publicada no NVD
Recomendação: Planejar correção próxima — já existe PoC pública.
A vulnerability in the Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones through 6.4 SP4 (R6.4.0.4006), and the 6970 Conference Unit through 6.4 SP4 (R6.4.0.4006) or version V1 R0.1.0, could allow an unauthenticated attacker to conduct a command injection attack due to insufficient parameter sanitization. A successful exploit could allow an attacker to execute arbitrary commands within the context of the phone, leading to disclosure or modification of sensitive configuration data or affecting device availability and operation.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Produtos afetados
n/a · n/a

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://www.mitel.com/support/security-advisorieshttps://www.mitel.com/support/security-advisories/mitel-product-security-advisory-misa-2025-0004