Authentication Bypass Vulnerability in Mitel MiVoice MX-ONE
CVE-2025-67822

9.4CRITICAL

Key Information:

Vendor: Mitel
Status: Mitel MiVoice MX-ONE
Vendor: CVE Published:; 15 January 2026

What is CVE-2025-67822?

A vulnerability exists in the Provisioning Manager component of Mitel MiVoice MX-ONE versions 7.3 through 7.8 SP1, which allows unauthenticated attackers to exploit improper authentication mechanisms. This gap can lead to unauthorized access to both user and admin accounts, potentially compromising sensitive information and system integrity. Users of affected versions are advised to review the security advisory for detailed mitigation steps.

References

https://www.mitel.com/support/security-advisories

https://www.mitel.com/support/security-advisories/mitel-p...

CVSS V3.1

Score:

9.4

Severity:

CRITICAL

Confidentiality:

Low

Integrity:

High

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 15, 2026
Vulnerability Reserved
Dec 12, 2025

CVE-2025-67822 Data

JSON