Mitel MiVoice MX-ONE Vulnerability Allows Admin Access Without Login

By /
mitel

Mitel, a leading provider of business communication solutions, has issued an important security update for its MiVoice MX-ONE platform. The update addresses a critical vulnerability that could allow attackers to bypass authentication and gain admin-level access to systems without any user interaction.

This serious flaw impacts MiVoice MX-ONE, a powerful, SIP-based communication platform widely used by large organizations for enterprise voice services. The system is designed to handle communications for hundreds of thousands of users, making this vulnerability a high-priority issue for businesses relying on Mitel’s services.

The issue lies in the Provisioning Manager component of MiVoice MX-ONE. The vulnerability is caused by improper access control, meaning unauthorized users can potentially access protected areas of the system—specifically, admin accounts—without needing any credentials.

Even worse, this authentication bypass attack is low in complexity. It does not require any special skills or user interaction, making it easy for attackers to exploit if the system is exposed to the internet.

Although the flaw is still awaiting a formal CVE ID, its impact has been rated critical, and immediate action is recommended for all affected systems.

This vulnerability affects MiVoice MX-ONE installations running the following versions:

  • Version 7.3 (7.3.0.0.50)

  • Up to Version 7.8 SP1 (7.8.1.0.14)

Mitel has already released patches to fix this issue in the following versions:

  • 7.8 (MXO-15711_78SP0)

  • 7.8 SP1 (MXO-15711_78SP1)

If your system is running any version from 7.3 to 7.8 SP1, and is not yet patched, it is considered vulnerable.

In an official statement, Mitel urged customers not to expose MiVoice MX-ONE services directly to the internet. Instead, they recommend deploying the platform within a trusted internal network. This can reduce the chances of external attacks exploiting the Provisioning Manager vulnerability.

Additionally, Mitel advises system administrators to limit access to the Provisioning Manager as an immediate workaround until patches can be applied.

Customers using vulnerable versions are asked to submit a patch request through their authorized Mitel service partner to receive the security fix.

On the same day, Mitel also revealed a high-severity SQL injection vulnerability affecting its MiCollab collaboration platform. This flaw, identified as CVE-2025-52914, could allow attackers to execute arbitrary SQL commands on unpatched devices.

This could potentially give cybercriminals access to sensitive data stored in the platform’s backend databases. Like the MiVoice issue, this vulnerability has not yet been observed in active attacks but presents a significant risk if left unpatched.

beware

This isn’t the first time Mitel’s systems have come under scrutiny.

In January 2025, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued a warning about a MiCollab path traversal vulnerability (CVE-2024-55550) that was actively being exploited in attacks. This flaw allowed attackers with admin access to read sensitive files on affected servers.

Even earlier, in December 2024, researchers from watchTowr Labs discovered another zero-day vulnerability (CVE-2024-41713) in MiCollab. This bug allowed attackers to read arbitrary files from the server’s file system—again raising serious concerns about data privacy and system security.

Mitel’s platforms, including MiVoice MX-ONE and MiCollab, are used by over 60,000 organizations and more than 75 million users globally. Their customer base spans education, healthcare, finance, manufacturing, and government sectors—all of which deal with highly sensitive information.

A vulnerability that grants admin-level access or unrestricted file reads could lead to:

  • Data breaches

  • Service disruptions

  • Unauthorized access to internal communications

  • Financial losses

  • Compliance violations

This makes it critical for organizations using Mitel products to apply patches immediately and follow best security practices to mitigate any potential risks.

Here’s a quick action checklist:

  1. Identify if you are using MiVoice MX-ONE versions 7.3 to 7.8 SP1.

  2. Do not expose the MX-ONE system to the public internet.

  3. Restrict access to the Provisioning Manager component.

  4. Contact your authorized Mitel service partner to request and apply the necessary patches.

  5. Update MiCollab systems to patch the SQL injection vulnerability (CVE-2025-52914).

  6. Review network and firewall rules to ensure these systems are only accessible within trusted environments.

Mitel’s recent vulnerabilities serve as a strong reminder of the need for timely patching and layered security defenses. Even trusted enterprise platforms can have critical security gaps that attackers can exploit.

Organizations using Mitel’s communication solutions should treat this advisory with urgency, ensure all systems are updated, and monitor future advisories closely.

Follow us on Twitter and Linkedin for real time updates and exclusive content.

Interesting Article : SysAid Zero-Day, CVE-2025-2775 and CVE-2025-2776 Exploited in the Wild

1 thought on “Mitel MiVoice MX-ONE Vulnerability Allows Admin Access Without Login”

  1. Pingback: Wordpress Post SMTP Vulnerability Leads to Admin Takeover: CVE-2025-24000

Comments are closed.

Scroll to Top