CVE-2024-45352
Published: 27 March 2025
Summary
CVE-2024-45352 is a high-severity Origin Validation Error (CWE-346) vulnerability in the Xiaomi smarthome application (product inferred from references). Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203). It is ranked at the 12.0th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2024-45352 is a code execution vulnerability in the Xiaomi smarthome application product. The issue stems from improper input validation, enabling attackers to execute malicious code. It has a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) and is associated with CWE-346. The vulnerability was published on 2025-03-27.
Attackers can exploit this vulnerability remotely over the network with low complexity and no privileges required, though user interaction is necessary. Successful exploitation grants high-impact access to confidentiality, integrity, and availability, allowing arbitrary code execution on the affected device.
For mitigation details, refer to the advisory at https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=550.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-8268
Vulnerability details
A code execution vulnerability exists in the Xiaomi smarthome application product. The vulnerability is caused by improper input validation and can be exploited by attackers to execute malicious code.
- CWE(s): CWE-346 (Origin Validation Error)
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability is a remote code execution flaw in a client application (Xiaomi smarthome) due to improper input validation, directly enabling Exploitation for Client Execution (T1203) with user interaction required.
Mitigating Controls (NIST 800-53 r5)
SI-10 (Information Input Validation): directly enforces input validation mechanisms to prevent arbitrary code execution stemming from improper input validation in the Xiaomi smarthome application.
SI-2 (Flaw Remediation): requires identification, reporting, and timely remediation of flaws like CVE-2024-45352 through patching to eliminate the vulnerability.
SI-3 (Malicious Code Protection): deploys malicious code protection at entry points to scan for and block execution of malicious code exploited via the input validation flaw.