CVE-2025-27827
HIGH
Mitel MiContact Center Business <10.2.0.3 - Info Disclosure
Title source: llm
Description
A vulnerability in the legacy chat component of Mitel MiContact Center Business through 10.2.0.3 could allow an unauthenticated attacker to conduct an information disclosure attack due to improper handling of session data. A successful exploit requires user interaction and could allow an attacker to access sensitive information, leading to unauthorized access to active chat rooms, reading chat data, and sending messages during an active chat session.
References (2)
Core References
Various Sources
https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-misa-2025-0002-0
Various Sources
https://www.mitel.com/support/security-advisories
Scores
CVSS v3
7.1
EPSS
0.0031
EPSS Percentile
22.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-200
Status
published
Published
Jun 24, 2025
Tracked Since
Feb 18, 2026