PT-2025-20723
Published: 2025-05-12 · Updated: 2025-07-23
CVE-2025-47187
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Mitel 6800 Series SIP Phones versions through 6.4 SP4
Mitel 6900 Series SIP Phones versions through 6.4 SP4
Mitel 6900w Series SIP Phones versions through 6.4 SP4
Mitel 6970 Conference Unit versions through 6.4 SP4
Description
A vulnerability exists that allows an unauthenticated attacker to perform a file upload attack due to missing authentication mechanisms. A successful exploit could allow an attacker to upload arbitrary WAV files, potentially exhausting the phone's storage. The phone's availability and operation are not affected.
Recommendations
Update Mitel 6800 Series SIP Phones to a version later than 6.4 SP4.
Update Mitel 6900 Series SIP Phones to a version later than 6.4 SP4.
Update Mitel 6900w Series SIP Phones to a version later than 6.4 SP4.
Update Mitel 6970 Conference Unit to a version later than 6.4 SP4.
Fix
Unrestricted File Upload