CVE-2025-61940

Summary

NMIS/BioDose V22.02 and previous versions rely on a common SQL Server user account to access data in the database. User access in the client application is restricted by a password authentication check in the client software but the underlying database connection always has access. The latest version of NMIS/BioDose introduces an option to use Windows user authentication with the database, which would restrict this database connection.

Affected Software

VendorProductVersion RangeStatus
Mirion MedicalEC2 Software NMIS BioDose0 < 23.0affected
Mirion MedicalEC2 Software NMIS BioDose23.0unaffected

Weaknesses

  • CWE-603: CWE-603

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References