Mirion Medical EC2 Software NMIS BioDose Incorrect Permission Assignment for...

8.7 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N

Description

NMIS/BioDose V22.02 and previous versions rely on a Microsoft SQL Server database. The SQL user account 'nmdbuser' and other created accounts by default have the sysadmin role. This can lead to remote code execution through the use of certain built-in stored procedures.

AI Analysis

Incorrect permission assignment for a critical resource in NMIS BioDose allows for remote code execution

Basic Information

ID CVE-2025-62575

Source icscert

Published Dec 2, 2025 at 21:11

Modified Dec 2, 2025 at 21:37

Affected Product

Vendor Mirion Medical

Product EC2 Software NMIS BioDose

Affected Versions Mirion Medical EC2 Software NMIS BioDose 0

CWE Classification

CWE-732

AI Assessment

AI Score 8.7 / 10

AI Severity High

Vendor Mirion Medical

Product EC2 Software NMIS BioDose

Version V22.02 and previous versions

References

www.cisa.gov /news-events/ics-medical-advisories/icsma-25-336-01

{
    "lastseen": "",
    "description": "NMIS/BioDose V22.02 and previous versions rely on a Microsoft SQL Server database. The SQL user account 'nmdbuser' and other created accounts by default have the sysadmin role. This can lead to remote code execution through the use of certain built-in stored procedures.",
    "published": "2025-12-02T21:11:20.484Z",
    "modified": "2025-12-02T21:37:46.825Z",
    "type": "cve",
    "title": "Mirion Medical EC2 Software NMIS BioDose Incorrect Permission Assignment for Critical Resource",
    "source": "icscert",
    "references": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-25-336-01",
    "id": "CVE-2025-62575",
    "bulletinFamily": "",
    "cwe": [
        "CWE-732"
    ],
    "cvelist": null,
    "sourceData": "Mirion Medical EC2 Software NMIS BioDose 0",
    "sourceHref": "",
    "cvss": {
        "score": 8.7,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "EC2 Software NMIS BioDose",
    "version": "0",
    "vendor": "Mirion Medical",
    "ai_description": "Incorrect permission assignment for a critical resource in NMIS BioDose allows for remote code execution",
    "ai_severity": "High",
    "ai_vendor": "Mirion Medical",
    "ai_product": "EC2 Software NMIS BioDose",
    "ai_version": "V22.02 and previous versions",
    "ai_score": 8.7
}

Mirion Medical EC2 Software NMIS BioDose Incorrect Permission Assignment for Critical Resource_CVE-2025-62575