Summary: Mitel has announced a security advisory concerning a reflected cross-site scripting (XSS) vulnerability, identified as CVE-2025-23092, in its MiContact Center Business software. The vulnerability allows unauthenticated attackers to execute arbitrary scripts, potentially leading to the compromise of sensitive information and modification of chat sessions. Mitel recommends that customers update to newer software versions or apply specific hotfixes to mitigate the risk.
Affected: Mitel MiContact Center Business software
Keypoints :
- Vulnerability CVE-2025-23092 has a CVSS score of 7.1 and is rated high severity.
- Affected versions include 10.2.0.0 to 10.2.0.4, 10.1.0.0 to 10.1.0.5, and 9.5.0.3 and earlier.
- Mitel advises customers to either upgrade to supported software versions or apply designated hotfixes to mitigate the vulnerability.
Views: 23