CVE-2025-52914
published 2025-08-08

Priority: P2 · 60 · high
CVSS 3.1: 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS: 0.57% (42.9th percentile)

A vulnerability in the Suite Applications Services component of Mitel MiCollab 10.0 through SP1 FP1 (10.0.1.101) could allow an authenticated attacker to conduct a SQL Injection attack due to insufficient validation of user input. A successful exploit could allow an attacker to execute arbitrary SQL database commands.

Affected (2 ranges)

Vendor   Product    Version range              Fixed in
mitel    micollab   < 9.8.3.103                9.8.3.103
mitel    micollab   >= 10.0.0.26 < 10.1.0.10   10.1.0.10

Detection & IOCs (extracted from sources)

  • CVE-2025-52914 is a SQL Injection vulnerability in the Suite Applications Services component of Mitel MiCollab; monitor for anomalous or malformed SQL syntax in requests targeting this component on affected versions (10.0 through SP1 FP1 / 10.0.1.101)
  • The vulnerability requires authentication; detection should focus on authenticated sessions issuing unexpected or crafted SQL-bearing payloads to the Suite Applications Services component of MiCollab
  • No in-the-wild exploitation has been confirmed for CVE-2025-52914 as of disclosure; however, prioritize patching given Mitel MiCollab's history of active exploitation (e.g., CVE-2024-55550, CVE-2024-41713)
  • Affected versions are strictly MiCollab 10.0 through SP1 FP1 (10.0.1.101); systems outside this version range are not confirmed affected by CVE-2025-52914
  • Exploitation requires an authenticated attacker; unauthenticated access alone is insufficient to trigger this SQL injection