Unauthorized Access Vulnerability in Xiaomi Phone Framework
CVE-2024-45355

5.5MEDIUM

Key Information:

Vendor
Xiaomi
Status
Xiaomi Phone Framework
Vendor
CVE Published:
27 March 2025

Summary

An unauthorized access vulnerability has been identified within the Xiaomi phone framework, arising from insufficient validation measures. This weakness can be exploited by malicious actors to gain unauthorized access to sensitive methods, potentially compromising the security of user data and device functionality. Users of affected Xiaomi devices should ensure they update their systems to mitigate the risks associated with this vulnerability.

Affected Version(s)

Xiaomi phone framework Xiaomi phone framework 14

References

https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId...

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2024-45355 : Unauthorized Access Vulnerability in Xiaomi Phone Framework | SecurityVulnerability.io