Xiaomi

A severe security vulnerability has been discovered in Xiaomi’s interoperability application, potentially exposing millions of users to unauthorized device access. The vulnerability, assigned CVE-2024-45347, carries a CVSS score of 9.6. Attackers can exploit it to bypass authentication mechanisms and gain complete unauthorized access to victim devices running the affected software. This could result in the compromise of sensitive data, installation of malicious software, or persistent access to the compromised device.

Source: https://cybersecuritynews.com/xiaomis-interoperability-app-vulnerability/

TPRM report: https://scoringcyber.rankiteo.com/company/xiaomi-technology

"id": "xia605062425",
"linkid": "xiaomi-technology",
"type": "Vulnerability",
"date": "6/2025",
"severity": "100",
"impact": "",
"explanation": "Attack threatening the organization’s existence"
{'affected_entities': [{'industry': 'Technology',
                        'name': 'Xiaomi',
                        'type': 'Company'}],
 'attack_vector': 'Interoperability application protocols',
 'customer_advisories': 'Update to patched version',
 'description': 'A severe security vulnerability (CVE-2024-45347) has been '
                'discovered in Xiaomi’s interoperability application, '
                'potentially exposing millions of users to unauthorized device '
                'access. Attackers can exploit this vulnerability to bypass '
                'authentication mechanisms and gain complete unauthorized '
                'access to victim devices running the affected software.',
 'impact': {'data_compromised': 'Sensitive data',
            'operational_impact': 'Complete system compromise',
            'systems_affected': 'Xiaomi Interconnection Application '
                                '3.1.895.10'},
 'initial_access_broker': {'entry_point': 'Interoperability application '
                                          'protocols',
                           'high_value_targets': 'User devices'},
 'lessons_learned': 'Importance of regular software updates and collaboration '
                    'with the security community',
 'motivation': 'Unauthorized access to victim devices',
 'post_incident_analysis': {'corrective_actions': 'Patch released to restore '
                                                  'proper verification logic',
                            'root_causes': 'Flaw in the application’s '
                                           'verification logic'},
 'recommendations': 'Users should immediately update to the patched version '
                    '3.1.921.10',
 'references': [{'source': 'Xiaomi Security Advisory'}],
 'response': {'communication_strategy': 'Security advisory released',
              'containment_measures': 'Patch released (version 3.1.921.10)',
              'remediation_measures': 'Software update'},
 'title': 'Xiaomi Interconnection Application Authentication Bypass '
          'Vulnerability',
 'type': 'Authentication Bypass Vulnerability',
 'vulnerability_exploited': 'CVE-2024-45347'}