Can you explain this vulnerability to me?

CVE-2025-67823 is a high-severity stored Cross-Site Scripting (XSS) vulnerability in the Multimedia Email component of Mitel MiContact Center Business and Mitel CX products. It occurs due to insufficient input validation, allowing an unauthenticated attacker to inject and execute arbitrary scripts in a victim's browser or desktop client application after user interaction with the email channel. This affects versions up to 10.2.0.10 for MiContact Center Business and 1.1.0.1 for Mitel CX. [1]

Useful 0 Not Useful 0

How can this vulnerability impact me? :

This vulnerability can allow an attacker to execute arbitrary scripts in the victim's browser or desktop client application, potentially leading to unauthorized access to sensitive information. The attack requires user interaction and affects only deployments with multimedia licenses using email in Web Ignite, Desktop Ignite, or Contact Center Client. The impact includes high confidentiality loss, low integrity impact, and no availability impact. [1]

Useful 0 Not Useful 0

What immediate steps should I take to mitigate this vulnerability?

Apply the appropriate hotfixes provided by Mitel for the affected products or upgrade to the fixed versions or later releases. For MiContact Center Business, apply hotfixes KB20257760, KB573971, KB573970, or KB573969 depending on your version, or upgrade to version 10.2 FP11 (10.2.0.11) or later. For Mitel CX, apply hotfix KB20254739 or upgrade to version 2.0 or later. Ensure that multimedia email channel usage is reviewed and secured as the vulnerability requires user interaction with the email channel enabled. [1]

Useful 0 Not Useful 0