CVE-2025-67823
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2026-01-15

Last updated on: 2026-01-16

Assigner: MITRE

Description
A vulnerability in the Multimedia Email component of Mitel MiContact Center Business through 10.2.0.10 and Mitel CX through 1.1.0.1 could allow an unauthenticated attacker to conduct a Cross-Site Scripting (XSS) attack due to insufficient input validation. A successful exploit requires user interaction where the email channel is enabled. This could allow an attacker to execute arbitrary scripts in the victim's browser or desktop client application.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-15
Last Modified
2026-01-16
Generated
2026-06-16
AI Q&A
2026-01-16
EPSS Evaluated
2026-06-15
NVD
CVE-2025-67823
EUVD
EUVD-2025-206292
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
mitel micontact_center_business to 10.2.0.11 (exc)
mitel cx to 2.0 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-67823 is a high-severity stored Cross-Site Scripting (XSS) vulnerability in the Multimedia Email component of Mitel MiContact Center Business and Mitel CX products. It occurs due to insufficient input validation, allowing an unauthenticated attacker to inject and execute arbitrary scripts in a victim's browser or desktop client application after user interaction with the email channel. This affects versions up to 10.2.0.10 for MiContact Center Business and 1.1.0.1 for Mitel CX. [1]

Impact Analysis

This vulnerability can allow an attacker to execute arbitrary scripts in the victim's browser or desktop client application, potentially leading to unauthorized access to sensitive information. The attack requires user interaction and affects only deployments with multimedia licenses using email in Web Ignite, Desktop Ignite, or Contact Center Client. The impact includes high confidentiality loss, low integrity impact, and no availability impact. [1]

Mitigation Strategies

Apply the appropriate hotfixes provided by Mitel for the affected products or upgrade to the fixed versions or later releases. For MiContact Center Business, apply hotfixes KB20257760, KB573971, KB573970, or KB573969 depending on your version, or upgrade to version 10.2 FP11 (10.2.0.11) or later. For Mitel CX, apply hotfix KB20254739 or upgrade to version 2.0 or later. Ensure that multimedia email channel usage is reviewed and secured as the vulnerability requires user interaction with the email channel enabled. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-67823. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart