CVE-2024-45361 MEDIUM

CVE-2024-45361: Mi Connect Service APP protocol flaws lead to leaking sensitive user information

Vendor Xiaomi
Product Xiaomi Mi Connect Service
Weakness CWE-319 · Cleartext transmission
Published March 27, 2025
Last update June 23, 2025

CVSS base score

6.5/10
Attack vector Adjacent
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

A protocol flaw vulnerability exists in the Xiaomi Mi Connect Service APP. The vulnerability is caused by the validation logic is flawed and can be exploited by attackers to leak sensitive user information.

Key dates

02Disclosure timeline

March 27, 2025 CVE published
June 23, 2025 Record updated