Code Execution Flaw in Xiaomi Smarthome Application
CVE-2024-45352

8.8HIGH

Key Information:

Vendor: Xiaomi
Status: Xiaomi Smarthome Application
Vendor: CVE Published:; 27 March 2025

What is CVE-2024-45352?

A code execution flaw has been identified in the Xiaomi Smarthome Application due to inadequate input validation. This weakness allows malicious actors to exploit the application, potentially leading to unauthorized execution of harmful code within the system. Users are advised to update to the latest version to mitigate the risks associated with this vulnerability. Maintaining robust security practices is essential to safeguard devices connected to the smarthome ecosystem.

Affected Version(s)

Xiaomi smarthome application Xiaomi smarthome application 10.0.623

References

https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 27, 2025
Vulnerability Reserved
Aug 28, 2024