CVE-2025-23094
Published: 06 February 2025
Summary
CVE-2025-23094 is a high-severity Command Injection (CWE-77) vulnerability in Mitel OpenScape (inferred from references). Its CVSS base score is 7.3 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 15.4% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
The vulnerability is a command injection flaw, tracked as CVE-2025-23094 and assigned CWE-77, that stems from insufficient parameter sanitization in the Platform component of Mitel OpenScape 4000 and OpenScape 4000 Manager. It affects versions V11 R0.22.0 through V11 R0.22.1, V10 R1.54.0 through V10 R1.54.1, and V10 R1.42.6 and earlier. The issue carries a CVSS 3.1 score of 7.3 and permits an unauthenticated remote attacker to inject and execute operating-system commands.
An unauthenticated attacker with network access can supply crafted input to the web interface and obtain arbitrary command execution at the privilege level of the web-access process. No user interaction or credentials are required, and the attack surface is exposed to any party that can reach the affected management interface.
A Mitel security advisory describing the issue is available at the vendor site. The EPSS score rose sharply from a low baseline to a peak of 0.2895 on 2025-12-11 before receding to its current value of 0.0214, indicating that exploitation interest increased several months after public disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-3121
Vulnerability details
The Platform component of Mitel OpenScape 4000 and OpenScape 4000 Manager V11 R0.22.0 through V11 R0.22.1, V10 R1.54.0 through V10 R1.54.1, and V10 R1.42.6 and earlier could allow an unauthenticated attacker to conduct a command injection attack due to insufficient parameter sanitization. A successful exploit could allow an attacker to execute arbitrary commands within the same privilege level as the web access process.
Related Threats
MITRE ATT&CK Enterprise Techniques AI
Why these techniques?
Command injection in a public-facing web component allows remote, unauthenticated arbitrary command execution. This maps directly to T1190 (Exploit Public-Facing Application) for initial access and to T1059.004 (Unix Shell) for command execution on the likely Linux-based Mitel system.
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
- Directly requires input validation mechanisms at entry points to prevent command injection from insufficient parameter sanitization.
- Mandates timely identification, reporting, and patching of flaws like this command injection vulnerability per vendor advisory.
- Limits damage from injected commands by enforcing least privilege on the vulnerable web access process.