CVE-2025-67822

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-67822
A vulnerability in the Provisioning Manager component of Mitel MiVoice MX-ONE 7.3 (7.3.0.0.50) through 7.8 SP1 (7.8.1.0.14) could allow an unauthenticated attacker to conduct an authentication bypass attack due to improper authentication mechanisms. A successful exploit could allow an attacker to gain unauthorized access to user or admin accounts in the system.

9.4 /10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.5

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://www.mitel.com/support/security-advisories Vendor Advisory
https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-misa-2025-0009 Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:mitel:mivoice_mx-one:*:*:*:*:*:*:*:*
cpe:2.3:a:mitel:mivoice_mx-one:7.8:-:*:*:*:*:*:*
cpe:2.3:a:mitel:mivoice_mx-one:7.8:sp1:*:*:*:*:*:*
History

21 Jan 2026, 21:06

Type Values Removed Values Added
References () https://www.mitel.com/support/security-advisories - () https://www.mitel.com/support/security-advisories - Vendor Advisory
References () https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-misa-2025-0009 - () https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-misa-2025-0009 - Vendor Advisory
CPE cpe:2.3:a:mitel:mivoice_mx-one:*:*:*:*:*:*:*:*
cpe:2.3:a:mitel:mivoice_mx-one:7.8:-:*:*:*:*:*:*
cpe:2.3:a:mitel:mivoice_mx-one:7.8:sp1:*:*:*:*:*:*
First Time Mitel mivoice Mx-one
Mitel

16 Jan 2026, 15:15

Type Values Removed Values Added
CWE CWE-287
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 9.4

15 Jan 2026, 22:16

Type Values Removed Values Added
New CVE
Information

Published : 2026-01-15 22:16

Updated : 2026-01-21 21:06

NVD link : CVE-2025-67822

Mitre link : CVE-2025-67822

CVE.ORG link : CVE-2025-67822

JSON object : View

Products Affected

mitel

  • mivoice_mx-one
CWE
CWE-287

Improper Authentication