Mitel Product Security Advisory MISA-2025-0008

MiCollab SQL injection Vulnerability

Advisory ID: MISA-2025-0008

First Issue Date: 2025-07-23

Last Updated: 2025-07-23

Revision: 1.0

Summary

An SQL injection vulnerability has been identified in the Suite Applications Services component of Mitel MiCollab which, if successfully exploited, could allow an authenticated attacker to conduct an SQL injection attack due to insufficient validation of user input.

A successful exploit could allow an attacker to access user provisioning information and execute arbitrary SQL database commands with potential impacts on the confidentiality, integrity, and availability of the system.

The vulnerability severity is rated as high.

Mitel recommends that customers with affected product versions update to the latest release.

Credit is given to Jasper Korten of Bureau Veritas Cybersecurity for highlighting these issues and bringing these to our attention.

Affected Products and Solutions

This security advisory provides information on the following products:

PRODUCT NAME | VERSION(S) AFFECTED | SOLUTION(S) AVAILABLE
MiCollab | 10.0 (10.0.0.26) to 10.0 SP1 FP1 (10.0.1.101), and 9.8 SP3 (9.8.3.1) and earlier | Upgrade to version 10.1 (10.1.0.10) or upgrade to version 9.8 SP3 FP1 (9.8.3.103), or subsequent releases.

Alternative Solution: Mitel has provided patches that are available for releases 10.0 SP1 FP1 (10.0.1.101) and 9.8 SP3 (9.8.3.1).

See the KMS article for instructions regarding both the upgrades and the patches.

 

Note: The MiVoice Business Solution Virtual Instance is not impacted by this vulnerability.

Product statements are related only to supported product versions. Products which have reached End of Support status are not considered. 
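
The version ranges above can be applied to an asset inventory. The following Python script is an added example, not Mitel code: the four-part version format, the host names and the sample inventory are constructed, and it assumes the version string alone does not show whether a Mitel patch has been applied.

```python
import re
from enum import Enum

class Status(Enum):
    AFFECTED = "affected: upgrade"
    PATCH_OR_UPGRADE = "affected unless Mitel patch applied: verify, or upgrade"
    FIXED = "fixed release or later"
    NOT_LISTED = "outside the advisory's stated ranges: confirm with Mitel"

# Boundaries copied from the advisory's product table.
R10_FIRST, R10_LAST, R10_FIXED = (10, 0, 0, 26), (10, 0, 1, 101), (10, 1, 0, 10)
R98_LAST, R98_FIXED = (9, 8, 3, 1), (9, 8, 3, 103)
# Releases for which the advisory says a patch exists. Assumption: the
# version string does not reveal whether that patch is installed.
PATCHABLE = {R10_LAST, R98_LAST}

def parse(version: str) -> tuple:
    """Parse 'a.b.c.d' into integers so '10.0' does not sort before '9.8'."""
    text = version.strip()
    if not re.fullmatch(r"\d+(?:\.\d+){3}", text, re.ASCII):
        raise ValueError(f"expected four dotted integers, got {version!r}")
    return tuple(int(p) for p in text.split("."))

def classify(version: str) -> Status:
    v = parse(version)
    if v in PATCHABLE:
        return Status.PATCH_OR_UPGRADE
    if v <= R98_LAST or R10_FIRST <= v <= R10_LAST:
        return Status.AFFECTED
    if v >= R10_FIXED or R98_FIXED <= v < (10, 0, 0, 0):
        return Status.FIXED
    return Status.NOT_LISTED  # builds the advisory does not mention

def triage(inventory: dict) -> dict:
    """Map host -> Status; unparseable versions map to NOT_LISTED for review."""
    result = {}
    for host, version in inventory.items():
        try:
            result[host] = classify(version)
        except ValueError:
            result[host] = Status.NOT_LISTED
    return result

# Constructed sample inventory (hypothetical hosts and version strings).
SAMPLE = {"micollab-a": "9.7.1.110", "micollab-b": "10.0.1.101",
          "micollab-c": "10.1.0.10", "micollab-d": "9.8.3.50",
          "micollab-e": "10.0.0.9"}

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host:12} {SAMPLE[host]:12} {status.value}")
```

Hosts reported as PATCH_OR_UPGRADE or NOT_LISTED need a manual check against the KMS article rather than an automatic pass.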

Vulnerability Severity

The following products have been identified as affected:

PRODUCT NAME | CVE ID | SEVERITY | CVSS 3.1 BASE SCORE
MiCollab | CVE-2025-52914 | High / 8.8 | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

The vulnerability severity is rated as high.

Mitigations / Workarounds

Customers with affected product versions should upgrade to the highlighted solution versions or later.

For customers who are not currently able to upgrade to the latest version in a timely manner, Mitel has provided patches that are available for releases 10.0 SP1 FP1 (10.0.1.101) and 9.8 SP3 (9.8.3.1). See the KMS article for instructions regarding both the upgrade and the patch.

Solution / Recommended Action

This issue is corrected in MiCollab 10.1 (10.1.0.10) or version 9.8 SP3 FP1 (9.8.3.103). Customers are advised to upgrade to this or subsequent releases. 

Please see Mitel Knowledge Base article SO8565, “MiCollab Security Update CVE-2025-52914” https://mitel.custhelp.com/app/answers/answer_view/a_id/1021858 .

If you do not have access to this link, please contact your Mitel Authorized Partner for support.

For further information, please contact Mitel Product Support.

References

CVE-2025-52914

Revision History

Version | Date | Description
1.0 | 2025-07-23 | Initial version

Publisher and Legal Disclaimer

Publisher: Mitel PSIRT / [email protected]

The information provided in this advisory is provided "as is" without warranty of any kind. The information is subject to change without notice. Mitel and its affiliates do not guarantee and accept no legal liability whatsoever arising from or connected to the accuracy, reliability, currency or completeness of the information provided. No part of this document can be reproduced or transmitted in any form or by any means - electronic or mechanical - for any purpose without written permission from Mitel Networks Corporation.
