Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Local Privilege Escalation in MIM Admin Service
Vulnerability Description
CVE-2025-1701 is a high-severity vulnerability in the MIM Admin service. An attacker could exploit this vulnerability by sending a specially crafted request over the RMI interface to execute arbitrary code with the privileges of the MIM Admin service. The RMI interface is only accessible locally (listening on 127.0.0.1), limiting the attack vector to the local machine. This means that in a properly configured hospital environment, an attacker must have already compromised the network and additionally compromised the system where the MIM Admin service is running. From there, attackers with sufficient knowledge of MIM's implementation, library usage, and functionality with access to extend the MIM RMI library could force the MIM Admin service to run commands on the local machine with its privileges. Users of MIM Software products exposed via RDP or multi-user application virtualization system should take note that the system being exposed is the environment hosting the virtualized MIM client. This issue affects MIM Admin Service: before 7.2.13, 7.3.8, 7.4.3
CVSS Information
N/A
Vulnerability Type
输入验证不恰当
Vulnerability Title
MIM Admin Service 安全漏洞
Vulnerability Description
MIM Admin Service是美国MIM公司的一款用于集中管理身份和访问权限的服务组件。 MIM Admin Service 7.2.13之前版本、7.3.8之前版本和7.4.3之前版本存在安全漏洞,该漏洞源于RMI接口处理不当,可能导致执行任意代码。
CVSS Information
N/A
Vulnerability Type
N/A