CVE-2025-1701

HIGH EPSS 45.6%
Published Jun 4, 20251y ago · Modified Jun 17, 20262w ago
8.9 CVSS 4.0
High
Find Similar
Published Jun 4, 2025 1y ago
Last Modified Jun 17, 2026 2w ago

Description

CVE-2025-1701 is a high-severity vulnerability in the MIM Admin service. An attacker could exploit this vulnerability by sending a specially crafted request over the RMI interface to execute arbitrary code with the privileges of the MIM Admin service. The RMI interface is only accessible locally (listening on 127.0.0.1), limiting the attack vector to the local machine. This means that in a properly configured hospital environment, an attacker must have already compromised the network and additionally compromised the system where the MIM Admin service is running. From there, attackers with sufficient knowledge of MIM's implementation, library usage, and functionality with access to extend the MIM RMI library could force the MIM Admin service to run commands on the local machine with its privileges. Users of MIM Software products exposed via RDP or multi-user application virtualization system should take note that the system being exposed is the environment hosting the virtualized MIM client. This issue affects MIM Admin Service: before 7.2.13, 7.3.8, 7.4.3

CVSS Details

Base Score
8.9
Exploitability
Impact
Vector string
CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector Adjacent
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope X

Threat Intelligence

EPSS Exploit Probability
45.6% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses 2

CWE-20 Improper Input Validation Validation
CWE-306 Missing Authentication for Critical Function Authentication

References 1

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.