SecuriTricks - CVE-2025-47187

Description

A vulnerability in the Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones, including the 6970 Conference Unit through 6.4 SP4, could allow an unauthenticated attacker to perform a file upload attack due to missing authentication mechanisms. A successful exploit could allow an attacker to upload arbitrary WAV files, which may potentially exhaust the phone's storage without affecting the phone's availability or operation.

Product(s) Impacted

Vendor	Product	Versions
Mitel	6800 Series 6900 Series 6900w Series 6970 Conference Unit	* * * <=6.4

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-434

Unrestricted Upload of File with Dangerous Type

The product allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment.

*CPE(s)

Affected systems and software identified for this CVE.

Type	Vendor	Product	Version	Update	Edition	Language	Software Edition	Target Software	Target Hardware	Other Information
a	mitel	6800_series	/	/	/	/	/	/	/	/
a	mitel	6900_series	/	/	/	/	/	/	/	/
a	mitel	6900w_series	/	/	/	/	/	/	/	/
a	mitel	6970_conference_unit	<=6.4	sp4	/	/	/	/	/	/

References

https://www.mitel.com/support/security-advisories

https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-misa-2025-0004

CVSS Score

7.5 / 10

CVSS Data - 3.1

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

View Vector String

Timeline

Published: July 23, 2025, 7:15 p.m.
Last Modified: July 23, 2025, 8:15 p.m.

Status : Received

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

cve@mitre.org

CVE-2025-47187