Mitel MiContact Center Business Legacy Chat Information Disclosure Vulnerability

Vulnerability

An information disclosure vulnerability exists in the legacy chat component of Mitel MiContact Center Business, affecting versions through 10.2.0.3. It allows an unauthenticated attacker to access sensitive information by exploiting improper session data handling. Exploitation requires user interaction and could lead to unauthorized access to active chat rooms, allowing the attacker to read chat messages and send messages during an active session.

Impact

Successful exploitation could result in unauthorized access to active chat rooms, enabling the attacker to read chat data and send messages during an active chat session.

Remediation

Users are advised to upgrade to versions 10.2.0.3, 10.1.0.5, 10.0.0.4, or 9.5.0.3, and apply the provided hotfixes. For further information, consult the Mitel Knowledge Base article SO8353 'MiContact Center Business, Security Update - CVE-2025-27827'.

Added: Jun 24, 2025, 2:37 PM
Updated: Jun 24, 2025, 3:26 PM

Vulnerability Rating

Custom Algorithm
spread: 3.1
impact: 3.1
exploitability: 6.4
remediation: 8.3
relevance: 0.2
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.