Medium severity6.5NVD Advisory· Published Aug 7, 2025· Updated Apr 15, 2026

CVE-2025-47188

Description

A vulnerability in the Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones through 6.4 SP4 (R6.4.0.4006), and the 6970 Conference Unit through 6.4 SP4 (R6.4.0.4006) or version V1 R0.1.0, could allow an unauthenticated attacker to conduct a command injection attack due to insufficient parameter sanitization. A successful exploit could allow an attacker to execute arbitrary commands within the context of the phone, leading to disclosure or modification of sensitive configuration data or affecting device availability and operation.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.mitel.com/support/security-advisoriesnvd
www.mitel.com/support/security-advisories/mitel-product-security-advisory-misa-2025-0004nvd

News mentions

No linked articles in our index yet.

cvss	0.423
epss	0.003
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000