CVE-2025-23093
Published: 06 February 2025
Description
The Platform component of Mitel OpenScape 4000 and OpenScape 4000 Manager through V10 R1.54.1 and V11 through R0.22.1 could allow an authenticated attacker to conduct a privilege escalation attack due to the execution of a resource with unnecessary privileges. A successful exploit could allow an attacker to execute arbitrary commands with elevated privileges.
Security Summary
CVE-2025-23093 is a privilege escalation vulnerability in the Platform component of Mitel OpenScape 4000 and OpenScape 4000 Manager, affecting versions through V10 R1.54.1 and V11 through R0.22.1. The issue arises from the execution of a resource with unnecessary privileges, classified under CWE-269 (Improper Privilege Management). It has a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its potential for significant confidentiality, integrity, and availability impacts.
An authenticated attacker with low privileges (PR:L) can exploit this vulnerability remotely over the network (AV:N), with low attack complexity (AC:L) and no user interaction (UI:N). Successful exploitation enables the execution of arbitrary commands with elevated privileges, potentially resulting in full system compromise.
For mitigation details, refer to Mitel Product Security Advisory MISA-2025-0001 at https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-misa-2025-0001.
Details
- CWE(s)