Mitel Product Security Advisory MISA-2025-0005
OpenScape Xpressions Path Traversal Vulnerability
Advisory ID: MISA-2025-0005
Publish Date: 2025-05-21
Last Updated: 2025-05-21
Revision: 1.0
Summary
A path traversal vulnerability has been identified in the WebApl component of OpenScape Xpressions which, if successfully exploited, could allow an unauthenticated attacker to read local files on the system due to insufficient input sanitization. A successful exploit of this vulnerability could allow an attacker to read files from the underlying OS and may disclose user content such as voicemail and faxes, and user provisioning information such as name and email.
The vulnerability severity is rated as high.
Mitel recommends that customers with affected product versions apply the fixes in the highlighted solution. For customers that are unable to update in a timely manner, Mitel recommends reviewing the available workarounds.
Affected Products and Solutions
This security advisory provides information on the following products:
PRODUCT NAME | VERSION(S) AFFECTED | SOLUTION(S) AVAILABLE |
OpenScape Xpressions | V7R1 FR5 HF43 P913 and earlier | Version V7R1 FR5 HF43 P914 (WebApl-811FR5-20970 hotfix) or later |
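For triaging an inventory against the table above, the following added example (not Mitel code) parses version strings in the form the advisory uses and compares them with the fixed release. It assumes the fields compare numerically from left to right; the host names and inventory entries are constructed.

```python
import re
from typing import NamedTuple, Optional

# Fixed release named in the advisory (MISA-2025-0005 / CVE-2025-48026).
FIXED = "V7R1 FR5 HF43 P914"

# Layout taken from the advisory's strings: V<n>R<n> FR<n> HF<n> P<n>.
_VERSION_RE = re.compile(
    r"V(\d+)\s*R(\d+)\s+FR(\d+)\s+HF(\d+)\s+P(\d+)", re.IGNORECASE
)


class XprVersion(NamedTuple):
    v: int
    r: int
    fr: int
    hf: int
    p: int


def parse_version(text: str) -> Optional[XprVersion]:
    """Return the parsed version, or None if any field is missing."""
    m = _VERSION_RE.search(text)
    return XprVersion(*map(int, m.groups())) if m else None


def triage(text: str) -> str:
    """Classify one inventory entry as 'affected', 'fixed' or 'unknown'."""
    version = parse_version(text)
    if version is None:
        return "unknown"  # incomplete string: send to manual review, never guess
    # Assumption: fields are ordered most significant first (V, R, FR, HF, P).
    return "fixed" if version >= parse_version(FIXED) else "affected"


# Constructed inventory entries, not real hosts.
SAMPLE_INVENTORY = {
    "xpr-01": "OpenScape Xpressions V7R1 FR5 HF43 P913",
    "xpr-02": "V7R1 FR5 HF43 P914",
    "xpr-03": "v7r1 fr5 hf42 p950",
    "xpr-04": "V7R1 FR5",
}


def triage_inventory(inventory: dict) -> dict:
    return {host: triage(ver) for host, ver in inventory.items()}


if __name__ == "__main__":
    for host, status in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Entries reported as `unknown` lack one of the five fields and need the full version string confirmed on the host before they can be classified.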
Vulnerability Severity
The following products have been identified as affected:
PRODUCT NAME | CVE ID | CVSS 3.1 BASE SCORE (SEVERITY) | CVSS 3.1 VECTOR |
OpenScape Xpressions | CVE-2025-48026 | 7.5 (High) | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Mitigations / Workarounds
The risk may be addressed by disabling access to the WebApl or stopping the WebApl service. However, this workaround will have service impacts and is intended as a temporary measure until the highlighted fix is applied.
See the KMS article for instructions regarding both the patch and the temporary workaround.
Solution / Recommended Action
This issue is corrected in OpenScape Xpressions version V7R1 FR5 HF43 P914 (WebApl-811FR5-20970 hotfix). Customers are advised to upgrade to this or subsequent releases.
Please see Mitel Knowledge Base article KB000110116 for details: https://mitel.service-now.com/kb_view.do?sysparm_article=KB000110116
Please log in to the Mitel WEB Support Portal.
If you do not have access to these links, please contact your Mitel Authorized Partner for support.
For further information, please contact Mitel Product Support.
Revision History
Version | Date | Description |
1.0 | 2025-05-21 | Initial Release |
Publisher and Legal Disclaimer
Publisher: Mitel PSIRT / [email protected]
The information provided in this advisory is provided "as is" without warranty of any kind. The information is subject to change without notice. Mitel and its affiliates do not guarantee and accept no legal liability whatsoever arising from or connected to the accuracy, reliability, currency or completeness of the information provided. No part of this document can be reproduced or transmitted in any form or by any means - electronic or mechanical - for any purpose without written permission from Mitel Networks Corporation.