The initial question posed by a customer as part of an internal attack simulation was as simple as it was explosive: "Could an attacker listen in on our conversations in the meeting rooms?" This impulse was the starting signal for an in-depth analysis of the VoIP infrastructure used - specifically the Mitel SIP telephones in the meeting rooms. During the network scan, the team came across the web management interfaces of several devices and made a discovery: An old, still unpatched vulnerability (CVE-2020-13617) exposed sensitive information.
But the case did not end there: technical curiosity was aroused - and the SIP telephones ended up as research objects at InfoGuard RedTeam, in InfoGuard Labs.
As part of an in-depth research project, our InfoGuard RedTeam identified two previously unknown vulnerabilities in Mitel devices:
CVE-2025-47188: A critical vulnerability that allows unauthenticated command injection.
CVE-2025-47187: A vulnerability that allows .wav files to be uploaded to the device without login.
Both vulnerabilities affect common SIP models of the Mitel series 6800, 6900, 6900w as well as the conference solution 6970 (firmware R6.4.0.SP4 and earlier). Particularly explosive: The devices can be brought under control via manipulated inputs - a possible gateway into internal networks or for monitoring sensitive calls.
On May 7, 2025, the manufacturer Mitel published an official security notification after being proactively informed by InfoGuard. Shortly afterwards, various specialist portals such as Heise, Cybersecurity-News, News.de and Linux-Magazin reported on the vulnerabilities discovered.
The response shows: The topic is highly relevant across all industries - especially for companies with critical infrastructures, public authorities and large companies.
This incident is an example of why targeted attack simulations and offensive research are a central element of modern cyber security strategies. Even systems that are considered "inconspicuous" in day-to-day business can become a vulnerability - especially if they are not actively monitored or regularly checked for security gaps. The penetration testing team is here for you. Contact us for a no-obligation discussion about our pentesting solutions.
Would you like to find out more about the security vulnerability discovered? You can find our detailed analysis on the InfoGuard Labs tech blog. Further technical insights into the discovered vulnerabilities will follow soon in the write-up. Stay tuned and informed - because security starts with knowledge.
Caption: Image from our own image archive