CVE-2025-52913

CRITICAL

Mitel MiCollab <9.8.2.12 - Path Traversal

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-52913. PoCs published by pgaSUS99.

AI-analyzed exploit summary: The repository contains a Python script that scans for CVE-2025-52913, a path normalization vulnerability in Mitel MiCollab, by testing crafted URLs with traversal sequences. It checks for specific responses indicating potential exploitation but does not include actual exploit code.

Description

A vulnerability in the NuPoint Unified Messaging (NPM) component of Mitel MiCollab through 9.8 SP2 (9.8.2.12) could allow an unauthenticated attacker to conduct a path traversal attack due to insufficient input validation. A successful exploit could allow unauthorized access, enabling the attacker to view, corrupt, or delete users' data and system configurations.

Exploits (1)

nomisec SCANNER
by pgaSUS99 · poc
https://github.com/pgaSUS99/PoC-CVE-2025-52913

Classification: Scanner 95%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: Mitel MiCollab
Authentication: No auth needed
Prerequisites: network access to target
devstral-2 · analyzed Apr 09, 2026

Scores

CVSS v3: 9.8
EPSS: 0.0152
EPSS Percentile: 81.8%
Attack Vector: NETWORK
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Source: Vulnrichment
Exploitation: none
Automatable: yes
Technical Impact: total

Details

CWE: CWE-22
Status: published
Published: Aug 08, 2025
Tracked Since: Feb 18, 2026