CVE-2025-52914

HIGH

Mitel MiCollab 10.0-10.0.1.101 - Authenticated SQL Injection in Suite Applications Services

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-52914. PoCs published by rxerium.

AI-analyzed exploit summary This repository contains a Nuclei template for detecting CVE-2025-52914, which involves version disclosure in MiCollab End User Portal. The template checks for vulnerable versions via HTTP responses and extracts version information using regex.

Description

A vulnerability in the Suite Applications Services component of Mitel MiCollab 10.0 through SP1 FP1 (10.0.1.101) could allow an authenticated attacker to conduct a SQL Injection attack due to insufficient validation of user input. A successful exploit could allow an attacker to execute arbitrary SQL database commands.

Exploits (1)

nomisec SCANNER
by rxerium · poc
https://github.com/rxerium/CVE-2025-52914

This repository contains a Nuclei template for detecting CVE-2025-52914, which involves version disclosure in MiCollab End User Portal. The template checks for vulnerable versions via HTTP responses and extracts version information using regex.

Classification
Scanner 100%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: MiCollab End User Portal (versions prior to 9.3.1 and 10.0.26 to 10.1.101 inclusive)
No auth needed
Prerequisites: Access to the target host's login interface
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (2)

Core 2

Scores

CVSS v3 8.8
EPSS 0.0057
EPSS Percentile 42.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-89
Status published
Products (1)
mitel/micollab < 9.8.3.103
Published Aug 08, 2025
Tracked Since Feb 18, 2026