Unrated severityNVD Advisory· Published Dec 2, 2025· Updated Dec 9, 2025

Mirion Medical EC2 Software NMIS BioDose Incorrect Permission Assignment for Critical Resource

CVE-2025-64298

Description

NMIS/BioDose V22.02 and previous version installations where the embedded Microsoft SQLServer Express is used are exposed in the Windows share accessed by clients in networked installs. By default, this directory has insecure directory paths that allow access to the SQL Server database and configuration files, which can contain sensitive data.

Affected products

NMIS/BioDose/NMIS/BioDosellm-fuzzy
Range: <= V22.02
Mirion Medical/EC2 Software NMIS BioDosev5
Range: 0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.cisa.gov/news-events/ics-medical-advisories/icsma-25-336-01mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000