Mirion Medical EC2 Software NMIS BioDose Incorrect Permission Assignment for...

7.1 / 10

HIGH

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N

Description

NMIS/BioDose V22.02 and previous versions' installation directory paths by default have insecure file permissions, which in certain deployment scenarios can enable users on client workstations to modify the program executables and libraries.

Basic Information

ID CVE-2025-64642

Source icscert

Published Dec 2, 2025 at 21:03

Modified Dec 2, 2025 at 21:40

Affected Product

Vendor Mirion Medical

Product EC2 Software NMIS BioDose

Affected Versions Mirion Medical EC2 Software NMIS BioDose 0

CWE Classification

CWE-732

References

www.cisa.gov /news-events/ics-medical-advisories/icsma-25-336-01

{
    "lastseen": "",
    "description": "NMIS/BioDose V22.02 and previous versions' installation directory paths by default have insecure file permissions, which in certain deployment scenarios can enable users on client workstations to modify the program executables and libraries.",
    "published": "2025-12-02T21:03:43.349Z",
    "modified": "2025-12-02T21:40:46.180Z",
    "type": "cve",
    "title": "Mirion Medical EC2 Software NMIS BioDose Incorrect Permission Assignment for Critical Resource",
    "source": "icscert",
    "references": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-25-336-01",
    "id": "CVE-2025-64642",
    "bulletinFamily": "",
    "cwe": [
        "CWE-732"
    ],
    "cvelist": null,
    "sourceData": "Mirion Medical EC2 Software NMIS BioDose 0",
    "sourceHref": "",
    "cvss": {
        "score": 7.1,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "EC2 Software NMIS BioDose",
    "version": "0",
    "vendor": "Mirion Medical",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Mirion Medical EC2 Software NMIS BioDose Incorrect Permission Assignment for Critical Resource_CVE-2025-64642