Mitel has issued security updates to address an important security flaw in MiVoice MX-ONE that may allow an attacker to bypass authentication protections.
The company said in an advisory issued on Wednesday, “An authentication bypass vulnerability has been identified in the Provisioning Manager component of Mitel MiVoice MX-ONE, which, if successfully exploited, may allow an unauthenticated attacker to conduct an authentication bypass attack due to improper access control.”
“A successful exploitation of this vulnerability may allow an attacker to achieve unauthorized access to user or administrative accounts in the system.”
The flaw, which has yet to be assigned a CVE identifier, carries a CVSS score of 9.4 out of a maximum of 10.0. It affects MiVoice MX-ONE versions from 7.3 (7.3.0.0.50) to 7.8 SP1 (7.8.1.0.14).
Patches for the issue have been made available for MX-ONE versions 7.8 and 7.8 SP1 in MXO-15711_78SP0 and MXO-15711_78SP1, respectively. Customers using MiVoice MX-ONE version 7.3 and later are advised to submit a patch request to their authorized service partner.
As a mitigation until the fix can be applied, it is advisable to limit direct exposure of MX-ONE services to the public internet and ensure that they are placed within a trusted network.
Alongside the authentication bypass flaw, Mitel has shipped updates to resolve a high-severity vulnerability in MiCollab (CVE-2025-52914, CVSS score: 8.8) that, if successfully exploited, may allow an authenticated attacker to carry out a SQL injection attack.
“A successful exploitation may allow an attacker to reach user provisioning information and execute arbitrary SQL database commands with possible effects on the privacy, integrity and availability of the system,” Mitel said.
The vulnerability, which affects MiCollab versions 10.0 (10.0.0.26) through 10.0 SP1 FP1 (10.0.1.101) and 9.8 SP3 (9.8.3.1) and earlier, has been resolved in versions 10.1 (10.1.0.10), 9.8 SP3 FP1 (9.8.8.103), and later.
With flaws in Mitel devices having come under active attack in the past, it is essential that users move quickly to update their installations to reduce potential risk.