CVE-2025-64298

Summary

NMIS/BioDose V22.02 and previous version installations where the embedded Microsoft SQLServer Express is used are exposed in the Windows share accessed by clients in networked installs. By default, this directory has insecure directory paths that allow access to the SQL Server database and configuration files, which can contain sensitive data.

Affected Software

VendorProductVersion RangeStatus
Mirion MedicalEC2 Software NMIS BioDose0 < 23.0affected
Mirion MedicalEC2 Software NMIS BioDose23.0unaffected

Weaknesses

  • CWE-732: CWE-732 Incorrect Permission Assignment for Critical Resource

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References