CVE-2025-27827
BaseFortify
Publication date: 2025-06-24
Last updated on: 2025-06-26
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-200 | The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an information disclosure flaw in the legacy chat component of Mitel MiContact Center Business. It occurs due to improper handling of session data, allowing an unauthenticated attacker, with user interaction, to access sensitive information. An attacker could gain unauthorized access to active chat rooms, read chat data, and send messages during an active chat session. [1]
How can this vulnerability impact me? :
If exploited, this vulnerability could allow an attacker to access sensitive chat information without authorization. This includes unauthorized access to active chat rooms, reading confidential chat messages, and sending messages as if they were a legitimate user. This could lead to information leakage and potential misuse of the chat system. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate steps to mitigate CVE-2025-27827 include applying the hotfixes released by Mitel for your specific product version (KB20256817 for 10.2.0.3, KB570775 for 10.1.0.5, KB569707 for 10.0.0.4, and KB571025 for 9.5.0.3). Alternatively, you can disable the Legacy Chat component or migrate to the CloudLink Contact Center Messenger Chat. It is recommended to upgrade to the fixed releases or later versions as detailed in Mitelβs Knowledge Base article SO8353. [1]