Mitel phone firmware analysis lead to the discovery of two vulnerabilities (CVE-2025-47187 & CVE-2025-47188). Exploiting them leads to unauthenticated code execution on the phone itself.
While on an internal attack simulation engagement, a customer asked us: “Is an attacker able to listen in on our meeting room conversations?”. Motivated by this question, we scanned their internal network and discovered Mitel VoIP phone web management interfaces.
While playing around with the login functionality of the management interface, we accidentally rediscovered CVE-2020-13617 on our own - and since the phone firmware was old enough, it allowed us to leak memory in the failed login response. While we didn’t have enough time to analyze the phone during this engagement, my interest in the phone and its firmware did not vanish.
As part of the R&D team at InfoGuard Labs, I decided to take a closer look at the phone as a research project. This lead to the discovery of two new vulnerabilities:
CVE-2025-47188: Unauthenticated command injection vulnerability
CVE-2025-47187: Unauthenticated .wav file upload vulnerability
These vulnerabilities are present in Mitel 6800 Series, 6900 Series and 6900w Series SIP Phones, including the 6970 Conference Unit with firmware version R6.4.0.SP4 and earlier. Mitel has published the MISA-2025-0004 security advisory informing about these vulnerabilities, the affected devices as well as remediation measures.
The FBI announced on Monday it had successfully gained access to the phone used by Thomas Matthew Crooks, the suspected shooter in the attempted assassination of former President Donald Trump.
Twilio says "threat actors were able to identify" phone numbers of people who use the two-factor app Authy.
A marketing team within media giant Cox Media Group (CMG) claims it has the capability to listen to ambient conversations of consumers through embedded microphones in smartphones, smart TVs, and other devices to gather data and use it to target ads, according to a review of CMG marketing materials by 404 Media and details from a pitch given to an outside marketing professional. Called “Active Listening,” CMG claims the capability can identify potential customers “based on casual conversations in real time.”
Videos collected by 404 Media over months give a peep inside the world of spoofing numbers, automated call scripts, and a specific seller of the phones.
A social engineering phone call lends authenticity to the attacker’s malicious email
A data breach reveals the spyware is built by a Polish developer
There is a critical security flaw in a Cisco phone adapter, and the business technology giant says the only step to take is dumping the hardware and migrating to new kit.
In an advisory, Cisco this week warned about the vulnerability in the SPA112 2-Port Adapter that, if exploited, could allow a remote attacker to essentially take control of a compromised device by seizing full privileges and executing arbitrary code.
The flaw, tracked as CVE-2023-20126, is rated as "critical," with a base score o
Someone is allegedly selling up-to-date mobile phone numbers of nearly 500 million WhatsApp users. A data sample investigated by Cybernews likely confirms this to be true.
One source said that the phone was so heavily compromised that it has now been placed in a locked safe inside a secure Government location.
