CVE-2025-47187

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-47187
A vulnerability in the Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones through 6.4 SP4 (R6.4.0.4006), and the 6970 Conference Unit through 6.4 SP4 (R6.4.0.4006) or version V1 R0.1.0, could allow an unauthenticated attacker to perform a file upload attack due to missing authentication mechanisms. A successful exploit could allow an attacker to upload arbitrary WAV files, which may potentially exhaust the phone’s storage without affecting the phone's availability or operation.

7.5 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://www.mitel.com/support/security-advisories
https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-misa-2025-0004
Configurations

No configuration.

History

29 Jul 2025, 20:15

Type Values Removed Values Added
Summary
  • (es) Una vulnerabilidad en los teléfonos SIP Mitel de las series 6800, 6900 y 6900w, incluyendo la unidad de conferencia 6970 hasta la versión 6.4 SP4, podría permitir a un atacante no autenticado realizar un ataque de carga de archivos debido a la falta de mecanismos de autenticación. Una explotación exitosa podría permitir a un atacante cargar archivos WAV arbitrarios, lo que podría agotar la capacidad de almacenamiento del teléfono sin afectar su disponibilidad ni funcionamiento.
Summary (en) A vulnerability in the Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones, including the 6970 Conference Unit through 6.4 SP4, could allow an unauthenticated attacker to perform a file upload attack due to missing authentication mechanisms. A successful exploit could allow an attacker to upload arbitrary WAV files, which may potentially exhaust the phone's storage without affecting the phone's availability or operation. (en) A vulnerability in the Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones through 6.4 SP4 (R6.4.0.4006), and the 6970 Conference Unit through 6.4 SP4 (R6.4.0.4006) or version V1 R0.1.0, could allow an unauthenticated attacker to perform a file upload attack due to missing authentication mechanisms. A successful exploit could allow an attacker to upload arbitrary WAV files, which may potentially exhaust the phone’s storage without affecting the phone's availability or operation.

23 Jul 2025, 20:15

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 7.5
CWE CWE-434

23 Jul 2025, 19:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-07-23 19:15

Updated : 2025-07-29 20:15

NVD link : CVE-2025-47187

Mitre link : CVE-2025-47187

CVE.ORG link : CVE-2025-47187

JSON object : View

Products Affected

No product.

CWE
CWE-434

Unrestricted Upload of File with Dangerous Type