CVE-2025-1701

Local Privilege Escalation in MIM Admin Service

Description

CVE-2025-1701 is a high-severity vulnerability in the MIM Admin service. An attacker could exploit this vulnerability by sending a specially crafted request over the RMI interface to execute arbitrary code with the privileges of the MIM Admin service. The RMI interface is only accessible locally (listening on 127.0.0.1), limiting the attack vector to the local machine. This means that in a properly configured hospital environment, an attacker must have already compromised the network and additionally compromised the system where the MIM Admin service is running. From there, attackers with sufficient knowledge of MIM's implementation, library usage, and functionality with access to extend the MIM RMI library could force the MIM Admin service to run commands on the local machine with its privileges. Users of MIM Software products exposed via RDP or multi-user application virtualization system should take note that the system being exposed is the environment hosting the virtualized MIM client. This issue affects MIM Admin Service: before 7.2.13, 7.3.8, 7.4.3

Remediation

Solution:

  • It is recommended that customers update to a patched version as soon as possible.

Workaround:

  • We strongly recommend upgrading to the latest available version. For customers who are unable or need a temporary workaround, the following steps may be taken. Customers who are not using a Fixed License may use a system firewall, endpoint management, or network control system to block all connections to port 5981 from localhost on all MIM systems. This will disable the ability for MIM clients to start and stop MIM services from the Network Preferences window, however services may still be managed directly from the OS.  Customers who are using a Fixed License may contact MIM support and switch their license to either a Local or Concurrent license, and then proceed to block all connections to port 5981 from localhost.

Category

8.9
CVSS
Severity: High
CVSS 4.0 •
EPSS 0.02%
Affected: MIM Software MIM Admin Service
Published at:
Updated at:

References

Link Tags
https://www.mimsoftware.com/cve-2025-1701

Frequently Asked Questions

What is the severity of CVE-2025-1701?
CVE-2025-1701 has been scored as a high severity vulnerability.
How to fix CVE-2025-1701?
To fix CVE-2025-1701: It is recommended that customers update to a patched version as soon as possible.
Is CVE-2025-1701 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2025-1701 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2025-1701?
CVE-2025-1701 affects MIM Software MIM Admin Service.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.