CVE-2025-67822
CRITICALMitel MiVoice MX-ONE 7.3-7.8 SP1 - Unauthenticated Authentication Bypass in Provisioning Manager
Title source: llmDescription
A vulnerability in the Provisioning Manager component of Mitel MiVoice MX-ONE 7.3 (7.3.0.0.50) through 7.8 SP1 (7.8.1.0.14) could allow an unauthenticated attacker to conduct an authentication bypass attack due to improper authentication mechanisms. A successful exploit could allow an attacker to gain unauthorized access to user or admin accounts in the system.
References (2)
Core 2
Core References
Vendor Advisory
https://www.mitel.com/support/security-advisories
Scores
CVSS v3
9.4
EPSS
0.0037
EPSS Percentile
28.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-287
Status
published
Products (2)
mitel/mivoice_mx-one
7.8 (2 CPE variants)
mitel/mivoice_mx-one
7.3 - 7.8
Published
Jan 15, 2026
Tracked Since
Feb 18, 2026