CVE-2025-47187
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-07-23
Last updated on: 2025-07-29
Assigner: MITRE
Description
Description
A vulnerability in the Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones through 6.4 SP4 (R6.4.0.4006), and the 6970 Conference Unit through 6.4 SP4 (R6.4.0.4006) or version V1 R0.1.0, could allow an unauthenticated attacker to perform a file upload attack due to missing authentication mechanisms. A successful exploit could allow an attacker to upload arbitrary WAV files, which may potentially exhaust the phoneβs storage without affecting the phone's availability or operation.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| mitel | 6800_series_sip_phone | r6.4.0.4006 |
| mitel | 6900w_series_sip_phone | r6.4.0.4006 |
| mitel | 6900_series_sip_phone | r6.4.0.4006 |
| mitel | 6970_conference_unit | r6.4.0.4006 |
| mitel | 6970_conference_unit | v1_r0.1.0 |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-434 | The product allows the upload or transfer of dangerous file types that are automatically processed within its environment. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability affects Mitel 6800, 6900, and 6900w Series SIP Phones, including the 6970 Conference Unit up to version 6.4 SP4. It allows an unauthenticated attacker to upload arbitrary WAV files to the device because the phones lack proper authentication mechanisms for file uploads.
How can this vulnerability impact me? :
An attacker exploiting this vulnerability could upload arbitrary WAV files to the phone, potentially exhausting the device's storage. However, this does not affect the phone's availability or operation.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70