Mitel phone firmware analysis lead to the discovery of two vulnerabilities (CVE-2025-47187 & CVE-2025-47188). Exploiting them leads to unauthenticated code execution on the phone itself.
While on an internal attack simulation engagement, a customer asked us: “Is an attacker able to listen in on our meeting room conversations?”. Motivated by this question, we scanned their internal network and discovered Mitel VoIP phone web management interfaces.
While playing around with the login functionality of the management interface, we accidentally rediscovered CVE-2020-13617 on our own - and since the phone firmware was old enough, it allowed us to leak memory in the failed login response. While we didn’t have enough time to analyze the phone during this engagement, my interest in the phone and its firmware did not vanish.
As part of the R&D team at InfoGuard Labs, I decided to take a closer look at the phone as a research project. This lead to the discovery of two new vulnerabilities:
CVE-2025-47188: Unauthenticated command injection vulnerability
CVE-2025-47187: Unauthenticated .wav file upload vulnerability
These vulnerabilities are present in Mitel 6800 Series, 6900 Series and 6900w Series SIP Phones, including the 6970 Conference Unit with firmware version R6.4.0.SP4 and earlier. Mitel has published the MISA-2025-0004 security advisory informing about these vulnerabilities, the affected devices as well as remediation measures.
Firmware in cellular routers, secure routers and network security appliances made by Moxa are vulnerable to a pair of high severity bugs.
The Binarly REsearch team has consistently uncovered security vulnerabilities in the Baseboard Management Controller (BMC) firmware -- a critical component of modern data center infrastructure. These vulnerabilities can be exploited remotely by threat actors, posing significant risk to enterprises.
In a previous report, “Old But Gold: The Underestimated Potency of Decades-Old Attacks on BMC Security,” we documented the BMC architecture in detail and showed that it is still possible to find classes of vulnerabilities known from the early 2000s.
Apple addressed a recently disclosed Bluetooth keyboard injection vulnerability with the release of Magic Keyboard firmware.
The Binarly REsearch team investigates vulnerable image parsing components across the entire UEFI firmware ecosystem and finds all major device manufacturers are impacted on both x86 and ARM-based devices.
BlackTech crew looking to steal sensitive data traffic
While Intel is still investigating the incident, the security industry is bracing itself for years of potential firmware insecurity if the keys indeed were exposed.
The potential leak from MSI Gaming of signing keys for an important security feature in Intel-based firmware could cast a shadow on firmware security for years to come and leave devices that use the keys highly vulnerable to cyberattacks, security experts say.
On 2022-12-11, I decided to setup Secure Boot on my new desktop with a help of sbctl. Unfortunately I have found that my firmware was… accepting every OS image I gave it, no matter if it was trusted or not. It wasn't the first time that I have been self-signing Secure Boot, I wasn't doing it wrong.
As I have later discovered on 2022-12-16, it wasn't just broken firmware, MSI had changed their Secure Boot defaults to allow booting on security violations(!!).
Des milliers de particuliers et d’entreprises européennes sont sans connexion depuis le 24 février. De plus en plus d’éléments pointent vers le sabotage d’un satellite, en lien avec le conflit ukrainien.
