
CERT-In Vulnerability Notes3

A critical unauthorized access vulnerability has been identified in the Xiaomi Mi Connect Service APP, affecting versions 3.1.895.10 and prior, which could allow attackers to bypass security measures and gain access to users' devices. The vulnerability poses significant risks to the confidentiality, integrity, and availability of affected devices, potentially leading to data theft and device compromise. Users are advised to apply updates as provided by the vendor to mitigate this risk.


7/8/25, 11:53 AM CERT-In Vulnerability Notes

CERT-In Vulnerability Note CIVN-2025-0139


Unauthorized Access Vulnerability in the Xiaomi Mi Connect Service APP

Original Issue Date: July 01, 2025

Severity Rating: CRITICAL

Software Affected

Xiaomi Mi Connect Service versions 3.1.895.10 and prior

Overview

A vulnerability has been reported in the Xiaomi Mi Connect Service APP which could be exploited by an attacker to gain
unauthorized access to the victim's device and bypass security restrictions on the targeted system.

Target Audience:
All end user organizations and individuals using Xiaomi Mi devices.

Risk Assessment:
Critical risks to the confidentiality, integrity, and availability of the affected devices.

Impact Assessment:
Potential for sensitive information disclosure, data theft and device compromise.

Description

Mi Connect Service is an interoperability application that forms part of Xiaomi's inter-device communication framework. It is
designed to enable seamless file transfers and screen sharing across Xiaomi devices, including phones, TVs, and laptops. The
service supports key features such as Mi Share, screen casting, multi-screen collaboration, and Quick Apps, and also offers
functionality similar to Nearby Share within the Xiaomi ecosystem.

An unauthorized access vulnerability exists in the Xiaomi Mi Connect Service APP due to a flaw in the verification logic
(improper authentication) that can be bypassed.

Successful exploitation of this vulnerability could allow an attacker to gain unauthorized access to the victim's device.

Solution

Apply appropriate updates as mentioned by the vendor:


[Link]

Vendor Information

Xiaomi
[Link]

References

Xiaomi
[Link]

CVE Name
CVE-2024-45347

Disclaimer

The information provided herein is on an "as is" basis, without warranty of any kind.

Contact Information

Email: info@[Link]
Phone: +91-11-22902657

Postal address

Indian Computer Emergency Response Team (CERT-In)


Ministry of Electronics and Information Technology

Government of India
Electronics Niketan
6, CGO Complex, Lodhi Road,
New Delhi - 110 003
India
