AI description
CVE-2025-47188 is a command injection vulnerability found in Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones, including the 6970 Conference Unit through version 6.4 SP4. The vulnerability stems from insufficient parameter sanitization, which could allow an unauthenticated attacker to conduct a command injection attack. Successful exploitation of CVE-2025-47188 could allow an attacker to execute arbitrary commands within the context of the phone. This could lead to the disclosure or modification of sensitive configuration data, and may also affect device availability and operation.
- Description
- A vulnerability in the Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones through 6.4 SP4 (R6.4.0.4006), and the 6970 Conference Unit through 6.4 SP4 (R6.4.0.4006) or version V1 R0.1.0, could allow an unauthenticated attacker to conduct a command injection attack due to insufficient parameter sanitization. A successful exploit could allow an attacker to execute arbitrary commands within the context of the phone, leading to disclosure or modification of sensitive configuration data or affecting device availability and operation.
- Source
- cve@mitre.org
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Secondary
- Base score
- 6.5
- Impact score
- 2.5
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
- Severity
- MEDIUM
- 134c704f-9b21-4f2e-91b3-4a467353bcc0
- CWE-77
- Hype score
- Not currently trending
Another bleeding-edge version of VEDAS is out now. Many network-exploitable vulnerabilities, such as CVE-2025-47188, remain delayed, poorly documented and lack meaningful enrichment. Despite being actively exploited since May 2025, this vulnerability is still not enriched by ht
@arpsyndicate
12 Sept 2025
12730 Impressions
0 Retweets
4 Likes
0 Bookmarks
0 Replies
0 Quotes
Another bleeding-edge version of VEDAS is out now 🎉🥳 Many network-exploitable vulnerabilities, such as CVE-2025-47188, remain delayed, poorly documented and lack meaningful enrichment. Despite being actively exploited since May 2025, this vulnerability is still not enrich
@arpsyndicate
11 Aug 2025
62 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-47188 Command Injection Vulnerability in Mitel 6800/6900 Series SIP Phones https://t.co/UeeVSicAqW Vulnerability Notification: https://t.co/xhLrNnfyrO
@VulmonFeeds
7 Aug 2025
24 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
We've published technical details and a PoC exploit for CVE-2025-47187 and CVE-2025-47188 – two vulnerabilities in Mitel SIP Phones that lead to unauthenticated RCE: https://t.co/8xBQfEN32F
@InfoGuard_Labs
11 Jun 2025
199 Impressions
3 Retweets
10 Likes
5 Bookmarks
1 Reply
0 Quotes
Vulnerabilities have recently been published for Mitel SIP phones with the identifiers (CVE-2025-47188), of type RCE, and (CVE-2025-47187), of type file upload. The root cause of the vulnerability is firmware versions R6.4.0.SP4 and
@AmirHossein_sec
18 May 2025
20 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
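Security researchers have discovered two serious vulnerabilities in Mitel SIP phones. The most serious is CVE-2025-47188, which allows arbitrary command execution without authentication and complete takeover of the device. Affected are the 6800/6900/6900w series and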
@yousukezan
12 May 2025
1486 Impressions
0 Retweets
6 Likes
1 Bookmark
0 Replies
0 Quotes
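A critical vulnerability in Mitel SIP phones. CVE-2025-47188 is an unauthenticated command injection with a CVSS score of 9.8. It affects the 6800 Series, 6900 Series, 6900w Series, and the 6970 Conference Unit. A fixed version is available. https://t.co/Z95cyHaHiB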
@__kokumoto
11 May 2025
1170 Impressions
6 Retweets
6 Likes
2 Bookmarks
0 Replies
0 Quotes