CVE-2025-52913

Critical CVSS 9.8

Overview

A vulnerability in the NuPoint Unified Messaging (NPM) component of Mitel MiCollab through 9.8 SP2 (9.8.2.12) could allow an unauthenticated attacker to conduct a path traversal attack due to insufficient input validation. A successful exploit could allow unauthorized access, enabling the attacker to view, corrupt, or delete users' data and system configurations.

CWE: CWE-22 Published: 2025-08-08T18:15:28.330

Risk analysis

This vulnerability is rated 🔴 CRITICAL.

CVSS: 9.8 (CRITICAL)
Detected tags: path, unauth_access (tag impact: HIGH)

Recommended actions:

Canonicalize path; block `..` traversal; use allowlists.
Enforce authentication/authorization; reduce default endpoint exposure.

Overview

Recommended tools

Tags