Mitel warns of critical MiVoice MX-ONE authentication bypass flaw

Threat Score:
65
3 articles
100.0% similarity
1 day ago

Activity Timeline

3 articles
Click to navigate
Jul 24
Jul 24
Jul 25
Oldest
Latest
Mitel warns of critical MiVoice MX-ONE authentication bypass flaw

Key Insights

1
Mitel has patched a critical authentication bypass vulnerability in the MiVoice MX-ONE platform, allowing unauthorized access to user and admin accounts.
2
The vulnerability, with a CVSS score of 9.4, affects MiVoice MX-ONE versions from 7.3 to 7.3.0.0.50 and has not yet been assigned a CVE identifier.
3
Attackers can exploit this flaw without user interaction, making it a low-complexity attack vector that poses a significant risk to unpatched systems.
4
Organizations using MiVoice MX-ONE are urged to apply the security updates immediately to mitigate potential unauthorized access.

Threat Overview

Mitel has released critical patches for an authentication bypass vulnerability in the MiVoice MX-ONE enterprise communications platform, affecting versions from 7.3 to 7.3.0.0.50 [1][2][3]. This flaw allows unauthenticated attackers to access user and admin accounts without requiring user interaction, posing severe risks to operational security [2][3]. Organizations must urgently update their systems to the latest versions to prevent unauthorized access and potential data breaches [1][2]. Mitel has not yet assigned a CVE identifier to this vulnerability, but its CVSS score of 9.4 indicates high severity [2]. Immediate patching and system audits are recommended to ensure security compliance [3].

Tactics, Techniques & Procedures (TTPs)

T1078
Valid Accounts - Exploiting authentication bypass to gain unauthorized access to accounts - Articles 2, 3
T1203
Exploitation for Client Execution - Low-complexity attacks that do not require user interaction - Articles 1, 2
T1499
Endpoint Denial of Service - Potential for unauthorized access leading to service disruption - Article 3

Timeline of Events

2025-07-24
Mitel discloses the authentication bypass vulnerability and releases security updates [2][3]
2025-07-25
Patches for the vulnerability are made publicly available [1]
Ongoing
Organizations are advised to implement patches to avoid exploitation [2]
Powered by ThreatCluster AI
Generated 1 day ago
AI analysis may contain inaccuracies

Related Articles

3 articles
1
Mitel warns of critical MiVoice MX-ONE authentication bypass flaw

Mitel warns of critical MiVoice MX-ONE authentication bypass flaw

BleepingComputer 2 days ago

Mitel warns of critical MiVoice MX-ONE authentication bypass flaw Sergiu Gatlan July 24, 2025 11:17 AM 0 Mitel Networks has released security updates to patch a critical-severity authentication bypass vulnerability impacting its MiVoice MX-ONE enterprise communications platform. MX-ONE is the company's SIP-based communications system, which can scale to support hundreds of thousands of users. The critical security flaw is due to an improper access control weakness discovered in the MiVoice MX-ON

Score
53
99.0% similarity
Read more
3

Critical Mitel Flaw Lets Hackers Bypass Login, Gain Full Access to MiVoice MX-ONE Systems

The Hacker News 1 day ago

Mitel has released security updates to address a critical security flaw in MiVoice MX-ONE that could allow an attacker to bypass authentication protections. "An authentication bypass vulnerability has been identified in the Provisioning Manager component of Mitel MiVoice MX-ONE, which, if successfully exploited, could allow an unauthenticated attacker to conduct an authentication bypass attack due to improper access control," the companysaidin an advisory released Wednesday. "A successful exploi

Score
47
99.0% similarity
Read more