Mivoice Mx One
CVE-2025-67822
CRITICAL
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
Lifecycle Timeline
2DescriptionCVE.org
A vulnerability in the Provisioning Manager component of Mitel MiVoice MX-ONE 7.3 (7.3.0.0.50) through 7.8 SP1 (7.8.1.0.14) could allow an unauthenticated attacker to conduct an authentication bypass attack due to improper authentication mechanisms. A successful exploit could allow an attacker to gain unauthorized access to user or admin accounts in the system.
AnalysisAI
Mitel MiVoice MX-ONE 7.3-7.8 SP1 has authentication bypass in the Provisioning Manager. Unauthenticated attackers can access user or admin accounts in the VoIP management system.
Technical ContextAI
The Provisioning Manager has improper authentication (CWE-287) allowing bypass of login controls. MiVoice MX-ONE is an enterprise VoIP system managing thousands of phone endpoints.
RemediationAI
Apply Mitel patches. Restrict Provisioning Manager access.
More in Mivoice Mx One
View allSame weakness CWE-287 – Improper Authentication
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today