MIDV‑679 is a remote‑code‑execution flaw stemming from unsafe Java deserialization in the MIDV Imaging Suite’s metadata import API. Because the endpoint is exposed without authentication and the vulnerable commons‑collections gadget chain is present by default, an attacker can achieve full system compromise and gain access to sensitive patient imaging data.
The immediate priority for any organization running MIDV is to or, if a patch is not yet available, disable the import feature and block the affected endpoint at the network perimeter. Long‑term hardening should include strict input validation, containerization, and robust monitoring to detect any attempted exploitation. MIDV-679