HIGH🇵🇱 Wersja polska

CVE-2025-62575

CVSS 8.7v4.0pub. 2025-12-02upd. 2026-01-02

NMIS/BioDose V22.02 and previous versions rely on a Microsoft SQL Server database. The SQL user account 'nmdbuser' and other created accounts by default have the sysadmin role. This can lead to remote code execution through the use of certain built-in stored procedures.

CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Mirion Biodose\/nmis

    APP
    Mirion
    < 23.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCE
CWE
References

Related vulnerabilities

CVE-2025-61940HIGH8.7ten sam produkt

NMIS/BioDose V22.02 and previous versions rely on a common SQL Server user account to access data in the datab...

CVE-2025-64298HIGH8.6ten sam produkt

NMIS/BioDose V22.02 and previous version installations where the embedded Microsoft SQLServer Express is used ...

CVE-2025-64642HIGH7.1ten sam produkt

NMIS/BioDose V22.02 and previous versions' installation directory paths by default have insecure file permissi...

CVE-2025-64778HIGH8.4ten sam produkt

NMIS/BioDose software V22.02 and previous versions contain executable binaries with plain text hard-coded pass...

CVE-2017-9645MEDIUM6.5ten sam vendor

An Inadequate Encryption Strength issue was discovered in Mirion Technologies DMC 3000 Transmitter Module, iPa...