Serious Mitel Vulnerability Allows Hackers to Bypass Login and Access MiVoice MX-ONE Systems
July 24, 2025
Vulnerability / Network Security
Mitel has issued security updates to fix a critical vulnerability in MiVoice MX-ONE that could enable attackers to bypass authentication measures. According to a recent advisory, “An authentication bypass vulnerability has been detected in the Provisioning Manager component of Mitel MiVoice MX-ONE. If exploited, this flaw could allow an unauthorized attacker to execute an authentication bypass due to faulty access control.” A successful exploitation could grant attackers unauthorized access to both user and admin accounts within the system.
This vulnerability, which has not yet been assigned a CVE identifier, has a CVSS score of 9.4 out of 10. It impacts MiVoice MX-ONE versions ranging from 7.3 (7.3.0.0.50) to 7.8 SP1 (7.8.1.0.14). Patches have been released under MXO-15711_78SP0 and MXO-15711_78SP1 for versions 7.8 and 7.8 SP1, respectively. Customers using MiVoice MX-ONE are encouraged to apply the updates promptly to mitigate the risk.