CVE-2023-37679

A remote command execution (RCE) vulnerability in NextGen Mirth Connect v4.3.0 allows attackers to execute arbitrary commands on the hosting server.

Basic Information

CVE State: PUBLISHED
Reserved Date: July 10, 2023
Published Date: August 03, 2023
Last Updated: August 02, 2024
Vendor: n/a
Product: n/a
Description: A remote command execution (RCE) vulnerability in NextGen Mirth Connect v4.3.0 allows attackers to execute arbitrary commands on the hosting server.

CVSS Scores

EPSS Score

Score: 93.74% (Percentile: 99.84%) as of 2025-04-29

Exploit Status

Exploited in the Wild: Yes (added 2025-04-23 00:00:00 UTC) Source

References

http://mirth.com http://nextgen.com https://www.ihteam.net/advisory/mirth-connect http://packetstormsecurity.com/files/176920/Mirth-Connect-4.4.0-Remote-Command-Execution.html

Known Exploited Vulnerability Information

Source	Added Date
The Shadowserver (via CIRCL)	2025-04-23 00:00:00 UTC

Scanner Integrations

Scanner	URL	Date Detected
Metasploit	https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/mirth_connect_cve_2023_43208.rb	2025-04-29 11:01:22 UTC
Nuclei	https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2023/CVE-2023-37679.yaml	2025-04-26 00:00:00 UTC