Biodose/Nmis
Approved changes feed: RSS · Atom
cpe:2.3:a:mirion:biodose\/nmis:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Mirion (031af545-45b8-55d7-9d3f-0ed3d36503fc) |
|---|---|
| Product | Biodose/Nmis (791fd252-044a-5beb-88f8-df71e912205a) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2025-64778 |
vulnerable | 2026-06-03 15:09:39.792542 |
Mirion Medical EC2 Software NMIS BioDose Use of Hard-coded Credentials
HIGH (7.3)
NMIS/BioDose software V22.02 and previous versions contain executable binaries with plain text hard-coded passwords. These hard-coded passwords could allow unauthorized access to both the application and database.
Published: 2025-12-02T21:09:38.450Z
Updated: 2025-12-02T21:38:49.345Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-64642 |
vulnerable | 2026-06-03 15:09:39.459407 |
Mirion Medical EC2 Software NMIS BioDose Incorrect Permission Assignment for Critical Resource
HIGH (8)
NMIS/BioDose V22.02 and previous versions' installation directory paths by default have insecure file permissions, which in certain deployment scenarios can enable users on client workstations to modify the program executables and libraries.
Published: 2025-12-02T21:03:43.349Z
Updated: 2025-12-02T21:40:46.180Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-64298 |
vulnerable | 2026-06-03 15:09:37.690235 |
Mirion Medical EC2 Software NMIS BioDose Incorrect Permission Assignment for Critical Resource
HIGH (8.4)
NMIS/BioDose V22.02 and previous version installations where the embedded Microsoft SQLServer Express is used are exposed in the Windows share accessed by clients in networked installs. By default, this directory has insecure directory paths that allow access to the SQL Server database and configuration files, which can contain sensitive data.
Published: 2025-12-02T21:05:38.266Z
Updated: 2025-12-09T17:03:09.449Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-62575 |
vulnerable | 2026-06-03 15:07:59.084267 |
Mirion Medical EC2 Software NMIS BioDose Incorrect Permission Assignment for Critical Resource
HIGH (8.3)
NMIS/BioDose V22.02 and previous versions rely on a Microsoft SQL Server database. The SQL user account 'nmdbuser' and other created accounts by default have the sysadmin role. This can lead to remote code execution through the use of certain built-in stored procedures.
Published: 2025-12-02T21:11:20.484Z
Updated: 2025-12-02T21:37:46.825Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-61940 |
vulnerable | 2026-06-03 15:07:57.480264 |
Mirion Medical EC2 Software NMIS BioDose Use of Client-Side Authentication
HIGH (8.3)
NMIS/BioDose V22.02 and previous versions rely on a common SQL Server user account to access data in the database. User access in the client application is restricted by a password authentication check in the client software but the underlying database connection always has access. The latest version of NMIS/BioDose introduces an option to use Windows user authentication with the database, which would restrict this database connection.
Published: 2025-12-02T21:07:47.995Z
Updated: 2025-12-09T17:03:27.576Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.