Cyber Security Alert: New vulnerability (patch bypass) affecting Mitel MiCollab

  • Posted June 24, 2025

The NCSC would like to draw your attention again to a previous alert about vulnerabilities affecting Mitel MiCollab. The NCSC is now aware of a new vulnerability (CVE identifier unknown) that bypasses the patch for CVE-2024-41713.

In our previous alert, we noted active exploitation of two Mitel MiCollab vulnerabilities, CVE-2024-41713 and CVE-2024-55550. This new vulnerability (CVE identifier unknown) could allow an unauthenticated attacker to bypass the patch for CVE-2024-41713 and perform unauthorised administrative actions on a MiCollab server.

This bypass affects Mitel MiCollab versions 9.8 SP2 (9.8.2.12) and earlier.

The NCSC encourages organisations in New Zealand that use the affected product to review the vendor advisory and apply the relevant patches and mitigations as soon as possible.
