{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-07T14:41:03.871","vulnerabilities":[{"cve":{"id":"CVE-2025-1701","sourceIdentifier":"security@mimsoftware.com","published":"2025-06-04T14:15:27.050","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"CVE-2025-1701 is a high-severity vulnerability in the MIM Admin service. An attacker could exploit this vulnerability by sending a specially crafted request over the RMI interface to execute arbitrary code with the privileges of the MIM Admin service. The RMI interface is only accessible locally (listening on 127.0.0.1), limiting the attack vector to the local machine.  This means that in a properly configured hospital environment, an attacker must have already compromised the network and additionally compromised the system where the MIM Admin service is running.  From there, attackers with sufficient knowledge of MIM's implementation, library usage, and functionality with access to extend the MIM RMI library could force the MIM Admin service to run commands on the local machine with its privileges.\n\nUsers of MIM Software products exposed via RDP or multi-user application virtualization system should take note that the system being exposed is the environment hosting the virtualized MIM client.\n\n\n\nThis issue affects MIM Admin Service: before 7.2.13, 7.3.8, 7.4.3"},{"lang":"es","value":"CVE-2025-1701 es una vulnerabilidad de alta gravedad en el servicio MIM Admin. Un atacante podría explotar esta vulnerabilidad enviando una solicitud especialmente manipulada a través de la interfaz RMI para ejecutar código arbitrario con los privilegios del servicio MIM Admin. La interfaz RMI solo es accesible localmente (escuchando en 127.0.0.1), lo que limita el vector de ataque al equipo local. Esto significa que, en un entorno hospitalario correctamente configurado, un atacante ya debe haber comprometido la red y, además, el sistema donde se ejecuta el servicio MIM Admin. A partir de ahí, atacantes con conocimiento suficiente de la implementación, el uso de la librería y la funcionalidad de MIM, con acceso para extender la librería RMI de MIM, podrían forzar al servicio MIM Admin a ejecutar comandos en el equipo local con sus privilegios. Los usuarios de productos de software MIM expuestos a través de RDP o un sistema de virtualización de aplicaciones multiusuario deben tener en cuenta que el sistema expuesto es el entorno que aloja el cliente MIM virtualizado. Este problema afecta al Servicio de administración de MIM: antes de 7.2.13, 7.3.8, 7.4.3"}],"metrics":{"cvssMetricV40":[{"source":"security@mimsoftware.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":8.9,"baseSeverity":"HIGH","attackVector":"ADJACENT","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"HIGH","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}]},"weaknesses":[{"source":"security@mimsoftware.com","type":"Secondary","description":[{"lang":"en","value":"CWE-20"},{"lang":"en","value":"CWE-306"}]}],"references":[{"url":"https://www.mimsoftware.com/cve-2025-1701","source":"security@mimsoftware.com"}]}}]}