CVE-2025-47188

MEDIUM EXPLOITED NUCLEI

Mitel 6000 - OS Command Injection

Title source: nuclei

Description

A vulnerability in the Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones through 6.4 SP4 (R6.4.0.4006), and the 6970 Conference Unit through 6.4 SP4 (R6.4.0.4006) or version V1 R0.1.0, could allow an unauthenticated attacker to conduct a command injection attack due to insufficient parameter sanitization. A successful exploit could allow an attacker to execute arbitrary commands within the context of the phone, leading to disclosure or modification of sensitive configuration data or affecting device availability and operation.

Nuclei Templates (1)

Mitel 6000 - OS Command Injection

CRITICALby matejsmycka

FOFA: icon_hash="-1940372141" || icon_hash="-447557905"

References (2)

[Various Sources] https://www.mitel.com/support/security-advisories

[Various Sources] https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-misa-2025-0004

Scores

CVSS v3 6.5

EPSS 0.0346

EPSS Percentile 87.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Details

VulnCheck KEV 2025-07-21

CWE

CWE-77

Status published

Published Aug 07, 2025

Tracked Since Feb 18, 2026