PT-2025-23802 · Microsoft · Mim Admin Service
Published
2025-06-04
·
Updated
2025-06-06
·
CVE-2025-1701
CVSS v4.0
8.9
High
| Vector | AV:A/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions
MIM Admin Service versions prior to 7.2.13
MIM Admin Service versions prior to 7.3.8
MIM Admin Service versions prior to 7.4.3
Description
This issue allows an attacker to execute arbitrary code with the privileges of the MIM Admin service by sending a specially crafted request over the RMI interface. The RMI interface is only accessible locally, limiting the attack vector to the local machine. In a properly configured environment, an attacker must have already compromised the network and the system where the MIM Admin service is running to exploit this issue. Attackers with sufficient knowledge and access to extend the MIM RMI library could force the MIM Admin service to run commands on the local machine with its privileges.
Recommendations
For versions prior to 7.2.13, update to version 7.2.13 or later.
For versions prior to 7.3.8, update to version 7.3.8 or later.
For versions prior to 7.4.3, update to version 7.4.3 or later.
As a temporary workaround, consider restricting access to the RMI interface to minimize the risk of exploitation.
Fix
RCE
Missing Authentication
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Mim Admin Service