CVE-2025-61940

High CVSS: 8.7

NMIS/BioDose V22.02 and previous versions rely on a common SQL Server user account to access data in the database. User access in the client application is restricted by a password authentication check in the client software but the underlying database connection always has access. The latest version of NMIS/BioDose introduces an option to use Windows user authentication with the database, which would restrict this database connection.

Vendor

Mirion

Product

Biodose\/nmis

CWE

CWE-603

Yayın Tarihi

2025-12-02 21:15:51

Güncelleme

2026-01-02 21:03:59

Source Identifier

ics-cert@hq.dhs.gov

KEV Date Added

Kategoriler

CWE-603 Biodose\/nmis HIGH Mirion 2025

Referanslar

https://www.cisa.gov/news-events/ics-medical-advisories/icsma-25-336-01

Benzer Kayıtlar

High

CVE-2025-62575

NMIS/BioDose V22.02 and previous versions rely on a Microsoft SQL Server database. The SQL user account 'nmdbuser' and o…

High

CVE-2025-64298

NMIS/BioDose V22.02 and previous version installations where the embedded Microsoft SQLServer Express is used are expose…

High

CVE-2025-64642

NMIS/BioDose V22.02 and previous versions' installation directory paths by default have insecure file permissions, which…

High

CVE-2025-64778

NMIS/BioDose software V22.02 and previous versions contain executable binaries with plain text hard-coded passwords. The…