Arbitrary Code Execution Vulnerability in MIM Admin Service by MIM Software
CVE-2025-1701

8.9 HIGH

Key Information:

Vendor
CVE Published: 4 June 2025

What is CVE-2025-1701?

A vulnerability exists in the MIM Admin service that allows for arbitrary code execution through a specially crafted request sent over the RMI interface. This interface, while limited to local machine access (listening on 127.0.0.1), poses significant risks if the network has been compromised. Attackers with expertise in MIM's structure and a foothold in the system can leverage this vulnerability to execute commands with the privileges of the MIM Admin service. Furthermore, systems exposed via RDP or other multi-user application virtualization could be at higher risk if the hosting environment is not secured appropriately.

Affected Version(s)

MIM Admin Service Windows 0 < 7.2.13

MIM Admin Service Windows 0 < 7.3.8

MIM Admin Service Windows 0 < 7.4.3

CVSS V4

Score: 8.9
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Adjacent Network
Attack Complexity: Low
Attack Required: Physical
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved
