Unrated severityNVD Advisory· Published Dec 2, 2025· Updated Dec 2, 2025

Mirion Medical EC2 Software NMIS BioDose Incorrect Permission Assignment for Critical Resource

CVE-2025-62575

Description

NMIS/BioDose V22.02 and previous versions rely on a Microsoft SQL Server database. The SQL user account 'nmdbuser' and other created accounts by default have the sysadmin role. This can lead to remote code execution through the use of certain built-in stored procedures.

Affected products

NMIS/BioDose/NMIS/BioDosellm-fuzzy
Range: <=22.02
Mirion Medical/EC2 Software NMIS BioDosev5
Range: 0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.cisa.gov/news-events/ics-medical-advisories/icsma-25-336-01mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000