Mithel Networks has issued security updates to patch a significant-seriousness authentication bypass vulnerability, affecting its MIVOICE MX-One Enterprise Communications platforms.
The MX-One is the company’s SIP-based communication system, which can support hundreds of thousands of users.
Important security defects Mivoice MX-A provision is due to a weakness of an inappropriate access control discovered in the manager component and has yet been assigned to the CVE ID. Informal attackers can take advantage of this in low-complications attacks, which do not require user interaction to achieve unauthorized access to administrative accounts on unexpected systems.
According to Mithel, the vulnerability affects the Mivoice MX-One running version 7.3 (7.3.0.0.50) with 7.8 SP1 (7.8.1.0.14) and was packed in 7.8 (MXO-157111_78Sp0) and 7.8 SP1 (MXO-15711_78sp1).
“Do not expose MX-One services directly on public internet. Make sure the MX-One system is deployed within a reliable network. The risk can be reduced by restricting access to the provision manager service,” Mitel said,
The customer running Mivoice MX-One version 7.3 and later advised to present a patch request to the company through their authorized service partner.
Today, Mitel also revealed High-seriousness sql injection vulnerability (CVE-2025-52914) In its Micolb cooperation platform, which can be abused to execute arbitrary SQL database command on unexpected devices.
While these two security bugs have not been tagged as exploitation in the wild, Sisa has given us a federal warning Agencies In January, a Micolab Path Traverse was used in attacks by traversal vulnerability (CVE-2024-55550) and allowed certified danger actors certified danger actors with administrative privileges to read arbitrary files on weak servers.
A month ago, the company picked up a microlab arbitrary file reading a zero-day bug (CVE-2024-41713) discovered by the Watchtower Labs researchers, patching the attackers to reach files on the server’s file system.
Mithel’s products are used by more than 60,000 customers and more than 75 million users in various fields, including education, healthcare, financial services, manufacturing and government.
Include emerging hazards in real time – before they affect your business.
Learn how cloud detection and response (CDR) gives security teams the required edge in this practical, no-nonsense guide.
