CVE-2025-47187

CVEnew

CVE-2025-47187 A vulnerability in the Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones, including the 6970 Conference Unit through 6.4 SP4, could allow an unauthenticated… https://t.co/aU7hSmrzKA

syedaquib77

Vulnerability Alert: Multiple Vulnerabilities in Mitel SIP Phones (Command Injection, File Upload) Timeline: Disclosure: 2025-05-08, Patch: 2025-05-09 Attribution: Mirai Botnet CVE-ID: CVE-2025-47188 Base Score: 9.8 CVSS Metrics: AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvssSeverity: Critical EPSS Percentile: N/A Exploit Maturity: Not Available Affected Versions: - Mitel 6800 Series SIP Phones (firmware R6.4.0.SP4 and earlier) - Mitel 6900 Series SIP Phones (firmware R6.4.0.SP4 and earlier) - Mitel 6900w Series SIP Phones (firmware R6.4.0.SP4 and earlier) - Mitel 6970 Conference Unit (firmware R6.4.0.SP4 and earlier) Fixed Versions: - firmware version R6.4.0.SP5 or later Attack Vectors: - Command Injection - File Upload Summary: Two critical vulnerabilities, CVE-2025-47188 (Critical command injection) and CVE-2025-47187 (Medium unauthenticated file upload), affect several Mitel SIP phone series. CVE-2025-47188 allows remote, unauthenticated attackers on the same network to inject and execute arbitrary commands via insufficient parameter sanitization. CVE-2025-47187 permits unauthenticated attackers to upload arbitrary WAV files, potentially exhausting storage. These flaws expose enterprise networks to significant risk and have historical ties to Mirai botnet exploitation. Impact Scope: Vulnerable devices may lead to unauthorized access and data exposure. Recommended Actions: - Patch devices to firmware version R6.4.0.SP5 or later to mitigate these vulnerabilities. Related Resources: - https://t.co/KfwLyhij8G - https://t.co/XrKfQRWG8G Tags: #Mitel #SIPPhone #VoIP #CommandInjection #FileUpload #RemoteCodeExecution #CVE202547188 #CVE202547187 #CriticalVulnerability #MediumVulnerability #Cybersecurity