7/8/25, 11:53 AM CERT-In Vulnerability Notes
CERT-In Vulnerability Note CIVN-2025-0139
Unauthorized Access Vulnerability in the Xiaomi Mi Connect Service APP
Original Issue Date:July 01, 2025
Severity Rating: CRITICAL
Software Affected
Xiaomi Mi Connect Service versions [Link] and prior
Overview
A vulnerability has been reported in Xiaomi Mi Connect Service APP which could be exploited by an attacker to gain
unauthorized access to the victim¿s device and bypass security restriction on the targeted system.
Target Audience:
All end user organizations and individuals using Xiaomi Mi devices.
Risk Assessment:
Critical risks to the confidentiality, integrity, and availability of the affected devices.
Impact Assessment:
Potential for sensitive information disclosure, data theft and device compromise.
Description
Mi Connect Service is an interoperability application that forms part of Xiaomi¿s inter-device communication framework. It is
designed to enable seamless file transfers and screen sharing across Xiaomi devices, including phones, TVs, and laptops. The
service supports key features such as Mi Share, screen casting, multi-screen collaboration, and Quick Apps, and also offers
functionality similar to Nearby Share within the Xiaomi ecosystem.
An unauthorized Access Vulnerability exists in the Xiaomi Mi Connect Service APP due to flaw in the verification logic
(improper authentication) that can be bypassed.
Successful exploitation of this vulnerability could allow an attacker to gain unauthorized access to the victims device.
Solution
Apply appropriate updates as mentioned by the vendor:
[Link]
Vendor Information
Xiaomi
[Link]
References
Xiaomi
[Link]
CVE Name
CVE-2024-45347
Disclaimer
The information provided herein is on "as is" basis, without warranty of any kind.
Contact Information
Email: info@[Link]
Phone: +91-11-22902657
Postal address
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
about:blank 1/2
7/8/25, 11:53 AM CERT-In Vulnerability Notes
Government of India
Electronics Niketan
6, CGO Complex, Lodhi Road,
New Delhi - 110 003
India
about:blank 2/2