
SecurityWeek


Critical Mirth Connect Vulnerability Could Expose Sensitive Healthcare Data

Mirth Connect versions prior to 4.4.1 are vulnerable to CVE-2023-43208, a bypass for an RCE vulnerability.

Open source data integration platform Mirth Connect is affected by a remote code execution vulnerability that can be exploited without authentication, cybersecurity firm Horizon3.ai warns.

Developed by NextGen HealthCare, Mirth Connect is a cross-platform interface engine that healthcare organizations rely on for information management.

Tracked as CVE-2023-43208, the newly disclosed issue is a bypass for a critical-severity RCE flaw (CVE-2023-37679, CVSS score of 9.8) that was disclosed in August 2023 and addressed with the release of Mirth Connect version 4.4.0.

According to Horizon3.ai, CVE-2023-37679 was said to only impact Mirth Connect instances using Java 8 or below, but further analysis of the vulnerability has revealed that, in fact, all Mirth Connect installs are impacted, regardless of the Java version they use.

Furthermore, the cybersecurity firm’s investigation revealed that the patch for CVE-2023-37679 can be bypassed. The firm reported its findings to NextGen HealthCare, which released Mirth Connect version 4.4.1 to address the new issue.

“This is an easily exploitable, unauthenticated remote code execution vulnerability. Attackers would most likely exploit this vulnerability for initial access or to compromise sensitive healthcare data,” Horizon3.ai says.

For the time being, Horizon3.ai refrains from releasing technical details or an exploit for CVE-2023-43208, but warns that the methods for exploitation are well known.

“We have verified that Mirth Connect versions going as far back as 2015/2016 are vulnerable,” the cybersecurity firm notes.


Horizon3.ai also points out that Mirth Connect appears to be deployed mostly on Windows machines, where it typically runs with System privileges, suggesting that the impact of a successful attack would be critical.

Additionally, the cybersecurity firm notes that it has identified more than 1,200 unique Mirth Connect instances that are directly accessible from the internet.

Mirth Connect users are advised to update to version 4.4.1 of the platform as soon as possible.


Written By

Ionut Arghire is an international correspondent for SecurityWeek.
