Mitel OpenScape Flaw (CVE-2025-23092): High-Severity Path Traversal Allows Admin RCE

Ddos June 14, 2025 2 minutes read

A newly disclosed vulnerability in Mitel’s OpenScape Accounting Management platform has been assigned CVE-2025-23092 and rated High severity (CVSS 7.2). This path traversal vulnerability allows attackers with administrative privileges to upload malicious files and potentially execute arbitrary commands on the system.

“A path traversal vulnerability impacting the OpenScape Accounting Management could allow an authenticated attacker with administrative privileges to upload arbitrary files with malicious content into the system,” Mitel states in its official advisory.

The issue stems from insufficient sanitization of user input and weak file type restrictions on the file upload interface. Although exploitation requires administrative access, successful abuse of this flaw can grant an attacker complete control over the underlying system.

“If the vulnerability is successfully exploited, an attacker could execute arbitrary commands and potentially gain control of the system,” the advisory warns.

Product	Affected Versions	Fixed Version
OpenScape Accounting Management	V5 R1.1.0 and earlier	V5 R1.1.4 or later

Only actively supported versions are included in the mitigation scope. Products that have reached End of Support are excluded.

Mitel strongly recommends the following actions for all affected customers:

Upgrade to version V5 R1.1.4 or later, which addresses the vulnerability.
Do not publicly expose the OpenScape Accounting Management web interface.
Restrict administrative access to trusted IP addresses or known network hosts.

Rate this post

Support Our Threat Intelligence

If you find our CVE report and cybersecurity news helpful, consider supporting our work.

Buy Me a Coffee PayPal

Related Posts:

Support Our Threat Intelligence

Related posts:

Leave a Reply Cancel reply