Mitel Product Security Advisory MISA-2025-0006
OpenScape Accounting Management Path Traversal Vulnerability
Advisory ID: MISA-2025-0006
Publish Date: 2025-06-11 13:11:34
Last Updated: 2025-06-03 12:08:20
Revision: 1.0
Summary
A path traversal vulnerability in OpenScape Accounting Management could allow an authenticated attacker with administrative privileges to upload arbitrary files with malicious content to the system, due to insufficient sanitization of user input and insufficient restriction of file upload types.
Exploiting this vulnerability requires the attacker to have administrator user access. If the vulnerability is successfully exploited, an attacker could execute arbitrary commands and potentially gain control of the system.
The vulnerability severity is rated as high.
Mitel recommends that customers with affected product versions update to the latest release.
Credit is given to milCERT AT for highlighting the issue and bringing it to our attention.
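The summary names two gaps: unsanitized user input reaching a file path, and no restriction on upload type. The Python below is an added example of that bug class and a server-side check that closes both gaps. It is not Mitel's code or the product's fix, and the upload root, allow-list and function names are assumptions made for illustration.

```python
import os
from pathlib import Path, PureWindowsPath

# Assumed values for illustration; not taken from the product.
ALLOWED_EXTENSIONS = {".csv", ".txt", ".xml"}
UPLOAD_ROOT = Path("/var/lib/example-app/uploads")


class UploadRejected(ValueError):
    """Raised when a client-supplied file name fails validation."""


def naive_upload_path(client_name: str, root: Path = UPLOAD_ROOT) -> Path:
    """Flawed pattern, shown for contrast: untrusted name joined as-is."""
    return Path(os.path.normpath(root / client_name))


def resolve_upload_path(client_name: str, root: Path = UPLOAD_ROOT) -> Path:
    """Map a client-supplied file name to a path directly inside `root`."""
    if not client_name or "\x00" in client_name:
        raise UploadRejected("empty name or NUL byte")
    # PureWindowsPath splits on both '/' and '\\' and strips drive prefixes,
    # so any name carrying directory components differs from its leaf.
    leaf = PureWindowsPath(client_name).name
    if leaf != client_name:
        raise UploadRejected("directory components are not accepted")
    if leaf.startswith("."):
        raise UploadRejected("reserved or hidden name")
    # Require exactly one extension so 'a.jsp.csv' style names are refused.
    suffixes = [s.lower() for s in Path(leaf).suffixes]
    if len(suffixes) != 1 or suffixes[0] not in ALLOWED_EXTENSIONS:
        raise UploadRejected("file type not on the allow-list")
    # Defence in depth: canonicalise (resolving symlinks) and confirm the
    # result still sits directly in the upload directory.
    root_real = Path(os.path.realpath(root))
    target = Path(os.path.realpath(root_real / leaf))
    if target.parent != root_real:
        raise UploadRejected("resolved path escapes the upload directory")
    return target
```

The check rejects rather than rewrites a suspicious name, so a refused upload can be logged with the original value for review.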
Affected Products and Solutions
This security advisory provides information on the following product:
Product Name | Affected Version(s) | Available Solution(s) |
OpenScape Accounting Management | V5 R1.1.0 and earlier | Upgrade to OpenScape Accounting Management version V5 R1.1.4 or later. |
Product statements are related only to supported product versions. Products that have reached End of Support status are not considered.
Vulnerability Severity
The following product has been identified as affected:
PRODUCT NAME | CVE ID | SEVERITY | CVSS 3.1 BASE SCORE | CVSS 3.1 VECTOR |
OpenScape Accounting Management | CVE-2025-23092 | High | 7.2 | AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
The vulnerability severity is rated as high.
Mitigations / Workarounds
- Do not publicly expose the OpenScape Accounting Management web interface.
- Restrict administrative access to the OpenScape Accounting Management web interface to known IP networks/host IP addresses that require access.
Solution / Recommended Action
This issue is corrected in OpenScape Accounting Management version V5 R1.1.4. Customers are advised to upgrade to this or a subsequent release.
For further information, please contact Mitel Product Support.
References
CVE-2025-23092
Revision History
Version | Date | Description |
1.0 | 2025-06-11 | Initial Release |
Publisher and Legal Disclaimer
Publisher: Mitel PSIRT / [email protected]
The information provided in this advisory is provided "as is" without warranty of any kind. The information is subject to change without notice. Mitel and its affiliates do not guarantee and accept no legal liability whatsoever arising from or connected to the accuracy, reliability, currency or completeness of the information provided. No part of this document can be reproduced or transmitted in any form or by any means - electronic or mechanical - for any purpose without written permission from Mitel Networks Corporation.