Summary:
CVE-2025-1701 is a high-severity vulnerability in the MIM Admin service. An attacker could exploit this vulnerability by sending a specially crafted request over the RMI interface to execute arbitrary code with the privileges of the MIM Admin service. The RMI interface is only accessible locally (listening on 127.0.0.1), limiting the attack vector to the local machine. This means that in a properly configured hospital environment, an attacker must have already compromised the network and additionally compromised the system where the MIM Admin service is running. From there, attackers with sufficient knowledge of MIM's implementation, library usage, and functionality with access to extend the MIM RMI library could force the MIM Admin service to run commands on the local machine.
Users of MIM Software products exposed via RDP or multi-user application virtualization system should take note that the system being exposed is the environment hosting the virtualized MIM client.
Referenced Common Weakness Enumerations:
- CWE-20
- CWE-306
Affected Products and Services:
MIM Admin Service
- < 7.2.13
- < 7.3.8
- < 7.4.3
Impact:
An attacker with authorized access to the system and knowledge of the MIM Admin RMI internals could execute arbitrary code with the privileges of the MIM Admin service.
Recommendation:
Update to the latest supported patch version:
7.2.13+
7.3.8+
7.4.3+
Temporary Mitigation:
We strongly recommend upgrading to the latest available version.
For customers who are unable or need a temporary workaround, the following steps may be taken.
Customers who are not using a Fixed License may use a firewall or network control system to block all connections to port 5981 on MIM client systems. This will disable the ability for MIM clients to start and stop MIM services. Customers who are using a Fixed License may contact MIM support and switch their license to either a Local or Concurrent license, and then proceed to block all connections to port 5981 on MIM client systems.
