CVE-2025-62575

High CVSS: 8.7

NMIS/BioDose V22.02 and previous versions rely on a Microsoft SQL Server database. The SQL user account 'nmdbuser' and other created accounts by default have the sysadmin role. This can lead to remote code execution through the use of certain built-in stored procedures.

Vendor

Mirion

Product

Biodose\/nmis

CWE

CWE-732

Yayın Tarihi

2025-12-02 21:15:52

Güncelleme

2026-01-02 21:03:05

Source Identifier

ics-cert@hq.dhs.gov

KEV Date Added

Kategoriler

CWE-732 Biodose\/nmis HIGH Mirion 2025

Referanslar

https://www.cisa.gov/news-events/ics-medical-advisories/icsma-25-336-01

Benzer Kayıtlar

High

CVE-2025-64298

NMIS/BioDose V22.02 and previous version installations where the embedded Microsoft SQLServer Express is used are expose…

High

CVE-2025-64642

NMIS/BioDose V22.02 and previous versions' installation directory paths by default have insecure file permissions, which…

High

CVE-2025-64778

NMIS/BioDose software V22.02 and previous versions contain executable binaries with plain text hard-coded passwords. The…

High

CVE-2025-61940

NMIS/BioDose V22.02 and previous versions rely on a common SQL Server user account to access data in the database. User…