CVE-2025-52913
Mitel · MiCollab (NuPoint Unified Messaging)
A path traversal vulnerability in the NuPoint Unified Messaging component of Mitel MiCollab allows unauthenticated attackers to access unauthorized files.
Executive summary
A critical path traversal vulnerability in Mitel MiCollab could allow an unauthenticated attacker to gain unauthorized access to sensitive system files.
Vulnerability
The NuPoint Unified Messaging (NPM) component fails to properly validate input, allowing an unauthenticated remote attacker to perform path traversal and potentially access sensitive files on the host system.
Business impact
This vulnerability carries a CVSS score of 9.8, indicating a critical risk to the confidentiality and integrity of the affected server. Successful exploitation could lead to the exposure of sensitive configuration files or credentials, potentially resulting in full system compromise and significant operational downtime.
Remediation
Immediate Action: Identify and update all instances of Mitel MiCollab to the version specified by the vendor as containing the security patch.
Proactive Monitoring: Inspect web server logs for suspicious URL patterns containing directory traversal sequences such as "../" or ".." directed at the NuPoint Unified Messaging component.
Compensating Controls: Deploy a Web Application Firewall (WAF) with rules configured to block directory traversal attempts and restrict access to the NPM interface from untrusted networks.
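The log inspection described under Proactive Monitoring can be scripted. The following is an added example, not vendor or advisory code: it assumes combined-format access logs and uses a placeholder prefix (`/npm-placeholder/`) because the advisory does not state the NPM interface path. It goes slightly beyond the literal "../" match by percent-decoding the request first, and the sample log lines are constructed.

```python
import re
from urllib.parse import unquote

# Assumption: placeholder prefix for the NPM web interface. The advisory does
# not give the real path; set this to the one your deployment serves.
NPM_PREFIX = "/npm-placeholder/"

# Assumption: Apache/nginx "combined"-style access log lines.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) .*?"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')

def normalize(target, max_rounds=3):
    """Percent-decode until stable so encoded and double-encoded forms are seen."""
    for _ in range(max_rounds):
        decoded = unquote(target)
        if decoded == target:
            break
        target = decoded
    return target.replace("\\", "/")

def has_traversal(target):
    """True when a path or query segment is exactly '..' after decoding."""
    return ".." in re.split(r"[/?&=;]", normalize(target))

def scan(lines, prefix=NPM_PREFIX):
    """Return (ip, status, raw_target) for traversal requests under prefix."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not a request line in the assumed format
        target = m["target"]
        if normalize(target).lower().startswith(prefix) and has_traversal(target):
            hits.append((m["ip"], int(m["status"]), target))
    return hits

# Constructed sample lines (documentation IP ranges, made-up file names).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2025:10:00:00 +0000] "GET /npm-placeholder/index.html HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2025:10:00:05 +0000] "GET /npm-placeholder/view?file=../../conf/sample.ini HTTP/1.1" 200 2048',
    '198.51.100.7 - - [01/Jan/2025:10:00:06 +0000] "GET /npm-placeholder/%2e%2e/%2e%2e/conf/sample.ini HTTP/1.1" 404 0',
    '198.51.100.23 - - [01/Jan/2025:10:00:08 +0000] "GET /npm-placeholder/%252e%252e%252fconf HTTP/1.1" 400 0',
    '203.0.113.4 - - [01/Jan/2025:10:00:09 +0000] "GET /npm-placeholder/release..notes.txt HTTP/1.1" 200 100',
    '203.0.113.4 - - [01/Jan/2025:10:00:10 +0000] "GET /other/../x HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for ip, status, target in scan(SAMPLE_LOG):
        flag = "REVIEW FIRST" if 200 <= status < 300 else "attempt"
        print(f"{flag:12} {ip:15} {status} {target}")
```

Hits answered with a 2xx status are the ones to review first, since the server may have returned file content; matching on whole `..` segments keeps names like `release..notes.txt` from raising false alerts.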
Exploitation status
Public Exploit Available: Not specified
Analyst recommendation
Given the critical severity of this path traversal flaw, immediate attention is required. Administrators should prioritize patching the NuPoint Unified Messaging component to prevent unauthorized file access and potential system takeover.