{"id":86681,"date":"2026-03-14T00:15:41","date_gmt":"2026-03-14T00:15:41","guid":{"rendered":""},"modified":"-0001-11-30T00:00:00","modified_gmt":"-0001-11-30T06:00:00","slug":"cve-2025-47187-unauthenticated-file-upload-vulnerability-in-mitel-sip-phones","status":"publish","type":"post","link":"https:\/\/www.ameeba.com\/blog\/cve-2025-47187-unauthenticated-file-upload-vulnerability-in-mitel-sip-phones\/","title":{"rendered":"<strong>CVE-2025-47187: Unauthenticated File Upload Vulnerability in Mitel SIP Phones<\/strong>"},"content":{"rendered":"<p><strong>Overview<\/strong><\/p>\n<p>The CVE-2025-47187 vulnerability affects the Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones and the 6970 Conference Unit. If exploited, this vulnerability could allow an attacker to upload arbitrary WAV files, potentially exhausting the phone&#8217;s storage without affecting its operation. This report evaluates the nature of this vulnerability, its potential risks, and how it can be mitigated.<\/p>\n<p><strong>Vulnerability Summary<\/strong><\/p>\n<p>CVE ID: CVE-2025-47187<br \/>\nSeverity: High (7.5)<br \/>\nAttack Vector: Network<br \/>\nPrivileges Required: None<br \/>\nUser Interaction: None<br \/>\nImpact: Potential system compromise or data leakage<\/p>\n<p><strong>Affected Products<\/strong><\/p><div id=\"ameeb-3540736922\" class=\"ameeb-content-2 ameeb-entity-placement\"><div style=\"border-left: 4px solid #555; padding-left: 20px; margin: 48px 0; font-family: Roboto, sans-serif; color: #ffffff; line-height: 1.6; max-width: 700px;\">\r\n  <h2 style=\"margin-top: 0; font-size: 20px; font-weight: 600; display: flex; align-items: center;\">\r\n    <a href=\"https:\/\/www.ameeba.com\/chat\" style=\"display: inline-flex; align-items: center; margin-right: 8px;\">\r\n      <img decoding=\"async\" src=\"https:\/\/www.ameeba.com\/blog\/wp-content\/uploads\/2025\/10\/Best-App-icon-Ameeba.png\" alt=\"Ameeba Chat Icon\" style=\"width: 40px; height: 40px;\" \/>\r\n    <\/a>\r\n    A new way to communicate\r\n  <\/h2>\r\n\r\n  <p style=\"margin-bottom: 12px;\">\r\n    Ameeba Chat is built on encrypted identity, not personal profiles.\r\n  <\/p>\r\n\r\n  <p style=\"margin-bottom: 16px;\">\r\n    Message, call, share files, and coordinate with identities kept separate.\r\n  <\/p>\r\n\r\n  <ul style=\"list-style: none; padding-left: 0; margin-bottom: 20px;\">\r\n    <li>\u2022 Encrypted identity<\/li>\r\n    <li>\u2022 Ameeba Chat authenticates access<\/li>\r\n    <li>\u2022 Aliases and categories<\/li>\r\n    <li>\u2022 End-to-end encrypted chat, calls, and files<\/li>\r\n    <li>\u2022 Secure notes for sensitive information<\/li>\r\n  <\/ul>\r\n\r\n  <p style=\"font-style: italic; font-weight: 600; margin-bottom: 24px;\">\r\n    Private communication, rethought.\r\n  <\/p>\r\n\r\n  <div style=\"display: flex; flex-wrap: wrap; gap: 12px;\">\r\n    <a href=\"https:\/\/www.ameeba.com\/chat\/download\" style=\"background-color: #ffffff; color: #000000; padding: 10px 20px; text-decoration: none; border-radius: 6px; font-weight: 500;\">Download Ameeba Chat<\/a>\r\n    <a href=\"https:\/\/www.ameeba.com\/chat\" style=\"border: 1px solid #ffffff; color: #ffffff; padding: 10px 20px; text-decoration: none; border-radius: 6px; font-weight: 500;\">Learn More<\/a>\r\n  <\/div>\r\n<\/div>\r\n<\/div>\n<p>Product | Affected Versions<\/p>\n<p>Mitel 6800 Series SIP Phones | Through 6.4 SP4 (R6.4.0.4006)<br \/>\nMitel 6900 Series SIP Phones | Through 6.4 SP4 (R6.4.0.4006)<br \/>\nMitel 6900w Series SIP Phones | Through 6.4 SP4 (R6.4.0.4006)<br \/>\nMitel 6970 Conference Unit | Through 6.4 SP4 (R6.4.0.4006) or version V1 R0.1.0<\/p>\n<p><strong>How the Exploit Works<\/strong><\/p>\n<p>The vulnerability lies in missing authentication mechanisms, which allow an attacker to perform a file upload attack. By uploading arbitrary WAV files, an attacker can potentially exhaust the storage of the phones in question. This can lead to a system compromise or data leakage, without affecting the phone&#8217;s availability or operation.<\/p>\n<p><strong>Conceptual Example Code<\/strong><\/p><div id=\"ameeb-3202324789\" class=\"ameeb-content ameeb-entity-placement\"><div class=\"poptin-embedded\" data-id=\"f6b387694f681\"><\/div>\r\n\r\n\r\n\r\n\r\n\r\n<\/div>\n<p>A conceptual example of how the vulnerability might be exploited could be an HTTP POST request to upload a malicious WAV file:<\/p>\n<pre><code class=\"\" data-line=\"\">POST \/upload\/endpoint HTTP\/1.1\nHost: target.example.com\nContent-Type: audio\/wav\n{ &quot;filename&quot;: &quot;malicious_file.wav&quot;, &quot;data&quot;: &quot;...&quot; }<\/code><\/pre>\n<p>This would upload the malicious WAV file to the targeted Mitel SIP Phone, potentially exhausting its storage and thus leading to potential system compromise or data leakage.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Overview The CVE-2025-47187 vulnerability affects the Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones and the 6970 Conference Unit. If exploited, this vulnerability could allow an attacker to upload arbitrary WAV files, potentially exhausting the phone&#8217;s storage without affecting its operation. This report evaluates the nature of this vulnerability, its potential risks, and [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"footnotes":""},"categories":[],"tags":[],"vendor":[],"product":[],"attack_vector":[],"asset_type":[],"severity":[],"exploit_status":[],"class_list":["post-86681","post","type-post","status-publish","format-standard","hentry"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts\/86681","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/comments?post=86681"}],"version-history":[{"count":0,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts\/86681\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/media?parent=86681"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/categories?post=86681"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/tags?post=86681"},{"taxonomy":"vendor","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/vendor?post=86681"},{"taxonomy":"product","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/product?post=86681"},{"taxonomy":"attack_vector","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/attack_vector?post=86681"},{"taxonomy":"asset_type","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/asset_type?post=86681"},{"taxonomy":"severity","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/severity?post=86681"},{"taxonomy":"exploit_status","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/exploit_status?post=86681"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}