Mitel MiCollab CVE-2025-52913 Path Traversal: Brief Summary and Patch Guidance

A brief summary of CVE-2025-52913, a critical path traversal vulnerability in Mitel MiCollab's NuPoint Unified Messaging component. This post covers affected versions, technical details, patch information, and detection strategies for security teams.

ZeroPath CVE Analysis

2025-08-08

Experimental AI-Generated Content

This CVE analysis is an experimental publication that is completely AI-generated. The content may contain errors or inaccuracies and is subject to change as more information becomes available. We are continuously refining our process.

Introduction

Attackers can remotely access sensitive configuration data and execute administrative actions on thousands of exposed enterprise communication servers without authentication. The critical path traversal vulnerability CVE-2025-52913 in Mitel MiCollab's NuPoint Unified Messaging component has a real-world impact on business continuity and data security across many industries.

About Mitel and MiCollab: Mitel is a global leader in unified communications, serving over 70 million business users in more than 100 countries. MiCollab is a flagship platform for integrated voice, video, messaging, and collaboration, widely deployed in enterprise and public sector environments. Security flaws in this platform can disrupt essential communications and expose sensitive organizational data.

Technical Information

CVE-2025-52913 is a path traversal vulnerability (CWE-22) in the NuPoint Unified Messaging (NPM) component of Mitel MiCollab, affecting all versions through 9.8 SP2 (9.8.2.12). The root cause is insufficient input validation on user-supplied data used in file path construction. Attackers can craft HTTP requests containing directory traversal sequences such as ../ or encoded equivalents like %2e%2e%2f to navigate outside intended directories and access restricted files or system resources.

The vulnerability is remotely exploitable and does not require authentication. Attackers can target endpoints that interact with the NPM component, sending malicious requests to:

  • View, corrupt, or delete user data
  • Access or modify system configurations
  • Execute unauthorized administrative actions

This issue is a bypass of CVE-2024-41713, meaning that previous patches did not fully address the underlying input validation flaws. Over 20,000 internet-exposed MiCollab instances have been identified as vulnerable, significantly increasing the risk of automated exploitation.

Patch Information

To address CVE-2025-52913, Mitel has released MiCollab version 9.8 SP3 (9.8.3.1) and subsequent updates. These updates enhance input validation in the NPM component to prevent path traversal attacks.

For customers unable to upgrade immediately, a patch is available for releases 6.0 and above. This patch strengthens input validation and is detailed in Mitel Knowledge Base article SO8539, "MiCollab Security Update CVE-2025-52913 Path Traversal Vulnerability." Access may require contacting a Mitel Authorized Partner.

Apply the recommended updates or patches promptly to protect against exploitation.

Reference: Mitel Security Advisory MISA-2025-0007

Detection Methods

Detection of CVE-2025-52913 in Mitel MiCollab's NPM component involves several approaches:

1. Log Analysis:

  • Look for requests with ../ or %2e%2e%2f in server logs
  • Identify access to files or directories not typically requested
  • Flag unauthorized administrative actions without authentication

2. Network Traffic Monitoring:

  • Monitor for HTTP requests with encoded directory traversal patterns
  • Detect unauthenticated requests to sensitive endpoints

3. Vulnerability Scanning:

  • Use security scanners updated for CVE-2025-52913 and tailored for Mitel MiCollab

4. File Integrity Monitoring:

  • Watch for unauthorized changes to critical system files

5. Access Control Review:

  • Audit logs for unauthorized administrative actions

6. Patch Verification:

  • Confirm systems are running MiCollab version 9.8 SP3 (9.8.3.1) or later

7. SIEM Integration:

  • Correlate events and generate alerts for exploitation attempts

Reference: Mitel Security Advisory MISA-2025-0007
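
The log-analysis and traffic-monitoring checks above, as an added example (not from Mitel's advisory or the original post): a Python filter that percent-decodes each request target until it stops changing, so nested encodings are caught as well as ../ and %2e%2e%2f. The combined-log-format layout, the sample lines, and the paths in them are constructed placeholders, not real MiCollab endpoints; treating a 2xx status as "served" is a triage assumption.

```python
import re
from urllib.parse import unquote

# Constructed sample lines (combined log format). Addresses and paths are placeholders.
SAMPLE_LOG = """\
203.0.113.10 - - [08/Aug/2025:10:00:01 +0000] "GET /portal/index.html HTTP/1.1" 200 512
203.0.113.11 - - [08/Aug/2025:10:00:02 +0000] "GET /app/../../placeholder.conf HTTP/1.1" 404 0
203.0.113.12 - - [08/Aug/2025:10:00:03 +0000] "POST /app/%2e%2e%2fadmin/placeholder HTTP/1.1" 200 87
203.0.113.13 - - [08/Aug/2025:10:00:04 +0000] "GET /app/%252e%252e%252fplaceholder HTTP/1.1" 200 40
203.0.113.14 - - [08/Aug/2025:10:00:05 +0000] "GET /docs/v1..2/readme.txt HTTP/1.1" 200 900
"""

LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)
# ".." must stand as a whole segment: after a separator, before a slash or end of string.
TRAVERSAL = re.compile(r"(?:^|[\\/=?&])\.\.(?:[\\/]|$)")


def fully_decode(target, max_rounds=5):
    """Percent-decode repeatedly until the value is stable (bounded number of rounds)."""
    for _ in range(max_rounds):
        decoded = unquote(target)
        if decoded == target:
            break
        target = decoded
    return target


def find_traversal(log_text):
    """Return one record per request whose decoded target contains a '..' segment."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_LINE.match(line)
        if not m:
            continue  # unparsable line: skip rather than guess
        raw = m["target"]
        if TRAVERSAL.search(fully_decode(raw)):
            hits.append({
                "ip": m["ip"], "method": m["method"], "target": raw,
                "encoded": not TRAVERSAL.search(raw),   # hidden behind percent-encoding
                "served": m["status"].startswith("2"),  # 2xx: review these first
            })
    return hits


if __name__ == "__main__":
    for hit in find_traversal(SAMPLE_LOG):
        print(hit)
```

Requests flagged as both encoded and served are the ones to review first, since the server returned content for a target that only shows its traversal after decoding.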

Affected Systems and Versions

  • Product: Mitel MiCollab
  • Component: NuPoint Unified Messaging (NPM)
  • Affected versions: All versions through 9.8 SP2 (9.8.2.12)
  • Vulnerable configurations: Any deployment running affected versions, especially those with internet-exposed NPM endpoints

Vendor Security History

Mitel MiCollab has experienced recurring input validation vulnerabilities, notably:

  • CVE-2024-41713 (path traversal, NPM component)
  • CVE-2024-35286 (arbitrary file read)

Patches have been released in response, but the emergence of bypasses such as CVE-2025-52913 highlights the need for more robust validation and security testing. Mitel provides timely advisories and patch guidance but faces ongoing challenges in fully addressing root causes.
