CVE-2025-64298

High CVSS: 8.6

NMIS/BioDose V22.02 and previous version installations where the embedded Microsoft SQLServer Express is used are exposed in the Windows share accessed by clients in networked installs. By default, this directory has insecure directory paths that allow access to the SQL Server database and configuration files, which can contain sensitive data.

Vendor

Mirion

Product

Biodose\/nmis

CWE

CWE-732

Yayın Tarihi

2025-12-02 21:15:52

Güncelleme

2026-01-02 21:02:47

Source Identifier

ics-cert@hq.dhs.gov

KEV Date Added

Kategoriler

CWE-732 Biodose\/nmis HIGH Mirion 2025

Referanslar

https://www.cisa.gov/news-events/ics-medical-advisories/icsma-25-336-01

Benzer Kayıtlar

High

CVE-2025-62575

NMIS/BioDose V22.02 and previous versions rely on a Microsoft SQL Server database. The SQL user account 'nmdbuser' and o…

High

CVE-2025-64642

NMIS/BioDose V22.02 and previous versions' installation directory paths by default have insecure file permissions, which…

High

CVE-2025-64778

NMIS/BioDose software V22.02 and previous versions contain executable binaries with plain text hard-coded passwords. The…

High

CVE-2025-61940

NMIS/BioDose V22.02 and previous versions rely on a common SQL Server user account to access data in the database. User…