CVE-2025-52914
Published: 2025-08-08
Priority: P2 60 | high | CVSS 3.1: 8.8
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.57% (42.9th percentile)
A vulnerability in the Suite Applications Services component of Mitel MiCollab 10.0 through SP1 FP1 (10.0.1.101) could allow an authenticated attacker to conduct a SQL Injection attack due to insufficient validation of user input. A successful exploit could allow an attacker to execute arbitrary SQL database commands.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mitel | micollab | < 9.8.3.103 | 9.8.3.103 |
| mitel | micollab | >= 10.0.0.26 < 10.1.0.10 | 10.1.0.10 |
Detection & IOCs
- CVE-2025-52914 is a SQL Injection vulnerability in the Suite Applications Services component of Mitel MiCollab; monitor for anomalous or malformed SQL syntax in requests targeting this component on affected versions (10.0 through SP1 FP1 / 10.0.1.101)
- The vulnerability requires authentication; detection should focus on authenticated sessions issuing unexpected or crafted SQL-bearing payloads to the Suite Applications Services component of MiCollab
- No in-the-wild exploitation has been confirmed for CVE-2025-52914 as of disclosure; however, prioritize patching given Mitel MiCollab's history of active exploitation (e.g., CVE-2024-55550, CVE-2024-41713)
- Affected versions are strictly MiCollab 10.0 through SP1 FP1 (10.0.1.101); systems outside this version range are not confirmed affected by CVE-2025-52914
- Exploitation requires an authenticated attacker; unauthenticated access alone is insufficient to trigger this SQL injection
No detection rules found.
No public exploits indexed.