Cyber Resilience

CVE-2025-23094

High

Published: 06 February 2025

Modified: 15 April 2026
KEV Added
Patch
CVSS Score v3.1: 7.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
EPSS Score: 0.0214 (84.6th percentile)
Risk Priority: 16 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-23094 is a high-severity Command Injection (CWE-77) vulnerability in Mitel OpenScape (inferred from references). Its CVSS base score is 7.3 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 15.4% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

The vulnerability is a command injection flaw, tracked as CVE-2025-23094 and assigned CWE-77, that stems from insufficient parameter sanitization in the Platform component of Mitel OpenScape 4000 and OpenScape 4000 Manager. It affects versions V11 R0.22.0 through V11 R0.22.1, V10 R1.54.0 through V10 R1.54.1, and V10 R1.42.6 and earlier. The issue carries a CVSS 3.1 score of 7.3 and permits an unauthenticated remote attacker to inject and execute operating-system commands.

An unauthenticated attacker with network access can supply crafted input to the web interface and obtain arbitrary command execution at the privilege level of the web-access process. No user interaction or credentials are required, and the attack surface is exposed to any party that can reach the affected management interface.

A Mitel security advisory describing the issue is available at the vendor site. The EPSS score rose sharply from a low baseline to a peak of 0.2895 on 2025-12-11 before receding to its current value of 0.0214, indicating that exploitation interest increased several months after public disclosure.

Vulnerability details

The Platform component of Mitel OpenScape 4000 and OpenScape 4000 Manager V11 R0.22.0 through V11 R0.22.1, V10 R1.54.0 through V10 R1.54.1, and V10 R1.42.6 and earlier could allow an unauthenticated attacker to conduct a command injection attack due to insufficient parameter sanitization. A successful exploit could allow an attacker to execute arbitrary commands within the same privilege level as the web access process.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise Techniques AI

T1190 Exploit Public-Facing Application (tactic: Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1059.004 Unix Shell (tactic: Execution)
Adversaries may abuse Unix shell commands and scripts for execution.

Why these techniques?

Command injection in a public-facing web component allows remote, unauthenticated, arbitrary command execution. This maps directly to T1190 (Exploit Public-Facing Application) for initial access and to T1059.004 (Unix Shell) for command execution on the likely Linux-based Mitel system.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-4048 (Shared CWE-77)
CVE-2026-31059 (Shared CWE-77)
CVE-2026-22284 (Shared CWE-77)
CVE-2024-39783 (Shared CWE-77)
CVE-2024-57583 (Shared CWE-77)
CVE-2026-46368 (Shared CWE-77)
CVE-2024-39781 (Shared CWE-77)
CVE-2024-39367 (Shared CWE-77)
CVE-2026-3518 (Shared CWE-77)
CVE-2024-57590 (Shared CWE-77)

Affected Assets

Mitel OpenScape (inferred from references and description; NVD did not file a CPE for this CVE)

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

Prevent: Directly requires input validation mechanisms at entry points to prevent command injection from insufficient parameter sanitization.

Prevent: Mandates timely identification, reporting, and patching of flaws like this command injection vulnerability per vendor advisory.

Prevent: Limits damage from injected commands by enforcing least privilege on the vulnerable web access process.
