CVE Details
Basic Information
| Title | CVE-2025-47187 |
|---|---|
| Type | cve |
| Published | 2025-07-23T19:15:33 |
| Last Seen | 2025-07-24T06:59:23 |
| Modified | 2025-07-23T20:15:27 |
CVSS Information
| Base Score | 7.5 (HIGH) |
|---|---|
| Attack Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
AI Analysis
| AI Description | A vulnerability in Mitel SIP Phones allows unauthenticated attackers to upload arbitrary WAV files, potentially exhausting storage without affecting phone operation. |
|---|---|
| AI Severity | Medium |
| AI Vendor | Mitel Networks |
| AI Product | Mitel 6800 Series, 6900 Series, 6900w Series SIP Phones, 6970 Conference Unit |
| AI Version | up to 6.4 SP4 |
Additional Information
| CVE List | CVE-2025-47187 |
|---|---|
| CWE List | CWE-434 |
| Bulletin Family | cve |
Description
A vulnerability in the Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones, including the 6970 Conference Unit through 6.4 SP4, could allow an unauthenticated attacker to perform a file upload attack due to missing authentication mechanisms. A successful exploit could allow an attacker to upload arbitrary WAV files, which may potentially exhaust the phone’s storage without affecting the phone’s availability or operation.