PT-2025-26737 · Mitel · Mitel MiContact Center Business

Published: 2025-03-26 · Updated: 2025-06-24 · CVE-2025-27828

CVSS v2.0: 8.5 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:P/A:N
Name of the Vulnerable Software and Affected Versions:
Mitel MiContact Center Business versions 10.0.0.0 through 10.0.0.4
Mitel MiContact Center Business versions 10.1.0.0 through 10.1.0.5
Mitel MiContact Center Business versions 10.2.0.0 through 10.2.0.4
Description: A vulnerability in the legacy chat component could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient input validation. A successful exploit requires user interaction and could allow an attacker to execute arbitrary scripts with a limited impact on confidentiality and integrity.
Recommendations: For versions 10.0.0.0 through 10.0.0.4, update to a version outside of this range to mitigate the risk. For versions 10.1.0.0 through 10.1.0.5, update to a version outside of this range to mitigate the risk. For versions 10.2.0.0 through 10.2.0.4, update to a version outside of this range to mitigate the risk. As a temporary workaround, consider disabling the legacy chat component until a patch is available.

Fix

XSS

Weakness Enumeration

Related Identifiers

BDU:2025-13199
CVE-2025-27828

Affected Products

Mitel MiContact Center Business