Information Disclosure Vulnerability in Mitel MiContact Center Business
CVE-2025-27827

7.1HIGH

Key Information:

Vendor: Mitel
Status: MiContact Center Business
Vendor: CVE Published:; 24 June 2025

What is CVE-2025-27827?

A vulnerability exists in the legacy chat component of Mitel MiContact Center Business that can allow unauthenticated attackers to conduct information disclosure attacks. This issue arises from improper handling of session data, requiring user interaction to exploit. Once successfully exploited, an attacker might gain access to sensitive information, potentially allowing unauthorized entry into active chat rooms, reading ongoing chat data, and sending messages within an active chat session.

References

https://www.mitel.com/support/security-advisories

https://www.mitel.com/support/security-advisories/mitel-p...

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 24, 2025
Vulnerability Reserved
Mar 7, 2025

JSON