Unrated severityNVD Advisory· Published Jan 15, 2026· Updated Jan 16, 2026

CVE-2025-67823

Description

A vulnerability in the Multimedia Email component of Mitel MiContact Center Business through 10.2.0.10 and Mitel CX through 1.1.0.1 could allow an unauthenticated attacker to conduct a Cross-Site Scripting (XSS) attack due to insufficient input validation. A successful exploit requires user interaction where the email channel is enabled. This could allow an attacker to execute arbitrary scripts in the victim's browser or desktop client application.

Affected products

Mitel/MiContact Center Businessdescription
Mitel/MiContact Center Businessllm-create
Range: <=10.2.0.10
Mitel/CXllm-create
Range: <=1.1.0.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.mitel.com/support/security-advisoriesmitre
www.mitel.com/support/security-advisories/mitel-product-security-advisory-misa-2025-0010mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000