Mitel has released a security advisory addressing a high-severity SQL injection vulnerability in its MiCollab platform, an issue that could allow authenticated attackers to execute arbitrary database commands and compromise user provisioning data. Tracked as CVE-2025-52914, the vulnerability carries a CVSS score of 8.8.
The vulnerability resides in the Suite Applications Services component of MiCollab, a key unified communications platform used by businesses worldwide. According to Mitel's advisory:
"An SQL vulnerability has been identified in the Suite Applications Services component of Mitel MiCollab, which if successfully exploited could allow an authenticated attacker to conduct an SQL Injection attack due to insufficient validation of user input."
SQL injection vulnerabilities can allow malicious actors to manipulate backend database queries, potentially leading to data theft, tampering, or system downtime.
"A successful exploit could allow an attacker to access user provisioning information and execute arbitrary SQL database commands with potential impacts on the confidentiality, integrity, and availability of the system."
Mitel confirmed that the following MiCollab versions are affected:
- MiCollab 10.0 (10.0.0.26) through 10.0 SP1 FP1 (10.0.1.101)
- MiCollab 9.8 SP3 (9.8.3.1) and earlier
The vulnerability has been addressed in the following secure releases:
- MiCollab 10.1 (10.1.0.10)
- MiCollab 9.8 SP3 FP1 (9.8.3.103)
For organizations unable to perform a full upgrade immediately, Mitel has released targeted patches for:
- MiCollab 10.0 SP1 FP1 (10.0.1.101)
- MiCollab 9.8 SP3 (9.8.3.1)
Administrators can find detailed instructions for both patching and upgrading in Mitel Knowledge Base article SO8565.