HIGH🇬🇧 English

CVE-2025-62575

CVSS 8.7v4.0pub. 2025-12-02upd. 2026-01-02

NMIS/BioDose V22.02 and previous versions rely on a Microsoft SQL Server database. The SQL user account 'nmdbuser' and other created accounts by default have the sysadmin role. This can lead to remote code execution through the use of certain built-in stored procedures.

oryginał EN
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Mirion Biodose\/nmis

    APP
    Mirion
    < 23.0
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
RCE
CWE
Referencje

Powiązane podatności

CVE-2025-61940HIGH8.7ten sam produkt

NMIS/BioDose V22.02 and previous versions rely on a common SQL Server user account to access data in the datab...

CVE-2025-64298HIGH8.6ten sam produkt

NMIS/BioDose V22.02 and previous version installations where the embedded Microsoft SQLServer Express is used ...

CVE-2025-64642HIGH7.1ten sam produkt

NMIS/BioDose V22.02 and previous versions' installation directory paths by default have insecure file permissi...

CVE-2025-64778HIGH8.4ten sam produkt

NMIS/BioDose software V22.02 and previous versions contain executable binaries with plain text hard-coded pass...

CVE-2017-9645MEDIUM6.5ten sam vendor

An Inadequate Encryption Strength issue was discovered in Mirion Technologies DMC 3000 Transmitter Module, iPa...