Mitel SIP phones can be subjugated to any commands
Critical security vulnerabilities in Mitel's SIP phones allow attackers to send arbitrary commands to vulnerable devices.
(Image: Gajus/Shutterstock.com)
Security vulnerabilities in Mitel's SIP phones potentially jeopardize networks. In particular, IT managers should quickly rectify a vulnerability classified as a critical risk. Mitel is providing firmware updates for this purpose.
According to Mitel's security release, there is a command injection vulnerability in the SIP phones of the 6800, 6900 and 6900w series as well as the 6970 conference model. Attackers from the network can inject commands without prior authentication, as unspecified parameters are not sufficiently filtered. This allows them to view or change system and user data and configurations (CVE-2025-47188, CVSS 9.8, risk "critical").
Mitel: Second vulnerability poses a medium threat
Inadequate authentication mechanisms also allow attackers to upload files to the same devices without prior login. By uploading WAV files, for example, they can use up the phone's memory, but this has no effect on the functionality of the phones (CVE-2025-41787, CVSS 5.3, "medium" risk).
To abuse the vulnerabilities, attackers need network access to the vulnerable devices. However, if the Mitel SIP phones were installed according to Mitel's guidelines, they are located in a protected internal network.
The above-mentioned series with firmware versions R6.4.0.SP4 and older are affected. Versions R6.4.0.SP5 and newer no longer contain the vulnerabilities. Mitel recommends that customers update to these versions.
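For administrators who manage a fleet of these phones, the practical question is which devices still sit below the fixed firmware. The following Python snippet is an added example (not code from heise or Mitel) that turns the advisory's thresholds into an inventory check. It assumes the firmware string has the shape "R<major>.<minor>.<patch>[.SP<n>]" as it appears in the article; the inventory and hostnames are constructed sample data.

```python
import re

# Thresholds taken from the advisory text: R6.4.0.SP4 and older are affected,
# R6.4.0.SP5 and newer are fixed. Everything else here is constructed for the example.
FIRST_FIXED = (6, 4, 0, 5)
AFFECTED_SERIES = {"6800", "6900", "6900w", "6970"}

# Assumed shape of the version string: "R<major>.<minor>.<patch>[.SP<n>]".
# A string without an SP suffix is treated as service pack 0 (an assumption).
_VERSION_RE = re.compile(r"^R(\d+)\.(\d+)\.(\d+)(?:\.SP(\d+))?$")


def parse_version(text):
    """Turn 'R6.4.0.SP4' into the comparable tuple (6, 4, 0, 4)."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised firmware version: {text!r}")
    major, minor, patch, sp = m.groups()
    return (int(major), int(minor), int(patch), int(sp or 0))


def is_affected(series, firmware):
    """True when a phone of an affected series runs firmware older than the fix."""
    if series not in AFFECTED_SERIES:
        return False
    return parse_version(firmware) < FIRST_FIXED


def phones_needing_update(inventory):
    """Return hostnames from an inventory of (hostname, series, firmware) tuples that must be patched."""
    return [host for host, series, fw in inventory if is_affected(series, fw)]


# Constructed sample inventory, not real devices.
SAMPLE_INVENTORY = [
    ("phone-lobby-01", "6900", "R6.4.0.SP4"),
    ("phone-ceo-desk", "6900w", "R6.4.0.SP5"),
    ("conf-room-a", "6970", "R6.3.0.SP2"),
    ("phone-hr-02", "6800", "R6.5.0"),
    ("lab-other-vendor", "9999", "R6.4.0.SP4"),
]

if __name__ == "__main__":
    for host in phones_needing_update(SAMPLE_INVENTORY):
        print(f"{host}: update to R6.4.0.SP5 or newer")
```

Versions are compared as integer tuples rather than strings so that, for example, R6.10.0 sorts after R6.4.0.SP5; a version string that does not match the assumed pattern raises an error instead of silently being reported as safe.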
Incidents from January of this year show that this is a good idea. The Mirai botnet abused security vulnerabilities in Mitel phones to implant its malware. Apparently, various IT managers are not adhering to Mitel's installation recommendations, which is why it is highly recommended to apply the available updates promptly.
(dmk)