On 23 July 2025, Mitel released fixes for a critical authentication bypass vulnerability in the Provisioning Manager component of Mitel MiVoice MX-ONE, a communication platform used for enterprise voice and collaboration services. The vulnerability allows unauthenticated remote threat actors to gain unauthorised access to publicly exposed Mitel voice systems and access user or administrator accounts due to improper access controls. A Common Vulnerabilities and Exposures (CVE) identifier has not yet been assigned for this flaw.
Arctic Wolf has not observed exploitation of this vulnerability or seen any publicly available proof-of-concept exploit. However, CISA warned earlier this year that threat actors, including ransomware groups, have actively exploited other vulnerabilities in the Mitel ecosystem. Given the platform’s broad adoption, threat actors may attempt to reverse engineer the patches to develop exploits in the near future.
Recommendation
Upgrade to Latest Fixed Version
Arctic Wolf strongly recommends that customers upgrade to the latest fixed version.
| Product | Affected Version | Fixed Version |
| MiVoice MX-ONE |
|
|
Note: For MiVoice MX-ONE version 7.3 and above, Mitel advises customers to request patches through their authorised service partner. Patches are provided at Mitel’s discretion.
Please follow your organisation’s patching and testing guidelines to minimise potential operational impact.
Workaround
For users unable to apply the patch immediately, Mitel recommends restricting access to the Provisioning Manager service and ensuring it is not exposed to the public internet to help mitigate this vulnerability.
References
Resources
Understand the threat landscape, and how to better defend your organization, with the 2025 Arctic Wolf Threat Report.
See how Arctic Wolf utilizes threat intelligence to harden your attack surface and stop threats earlier and faster.
