CVE-2025-23094

HIGH EPSS 66.1%

Published Feb 6, 20251y ago · Modified Jun 17, 20261w ago

7.3 CVSS 3.1

High

Published Feb 6, 2025 1y ago

Last Modified Jun 17, 2026 1w ago

Description

The Platform component of Mitel OpenScape 4000 and OpenScape 4000 Manager V11 R0.22.0 through V11 R0.22.1, V10 R1.54.0 through V10 R1.54.1, and V10 R1.42.6 and earlier could allow an unauthenticated attacker to conduct a command injection attack due to insufficient parameter sanitization. A successful exploit could allow an attacker to execute arbitrary commands within the same privilege level as the web access process.

CVSS Details

Base Score

7.3

Exploitability

3.9

Impact

3.4

Vector string

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Attack Vector Network

Attack Complexity Low

Privileges Required None

User Interaction None

Scope Unchanged

Confidentiality Low

Integrity Low

Availability Low

Threat Intelligence

EPSS Exploit Probability

66.1% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 1

CWE-77 Command Injection Injection

References 1

mitel.com https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-misa-2025-0001

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.