CVE-2024-45355 MEDIUM

CVE-2024-45355: Xiaomi phone framework has unauthorized access vulnerability

Vendor Xiaomi
Product Xiaomi phone framework
Weakness CWE-306 · Missing auth
Published March 27, 2025
Last update March 27, 2025

CVSS base score

5.5/10
Attack vector Local
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality None
Integrity None

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

What the vulnerability does

01Description

A unauthorized access vulnerability exists in the Xiaomi phone framework. The vulnerability is caused by improper validation and can be exploited by attackers to Access sensitive methods.

Key dates

02Disclosure timeline

March 27, 2025 CVE published
March 27, 2025 Record updated