CVE-2025-64642

Mirion Medical EC2 Software NMIS BioDose Incorrect Permission Assignment for Critical Resource

Description

NMIS/BioDose V22.02 and previous versions' installation directory paths by default have insecure file permissions, which in certain deployment scenarios can enable users on client workstations to modify the program executables and libraries.

INFO

Published Date :

2025-12-02T21:03:43.349Z

Last Modified :

2025-12-02T21:40:46.180Z

Source :

icscert

AFFECTED PRODUCTS

The following products are affected by CVE-2025-64642 vulnerability.

Vendors	Products
Mirion	Biodose\/nmis
Mirion Medical	Nmis Biodose

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-64642.

URL	Resource
https://www.cisa.gov/news-events/ics-medical-advisories/icsma-25-336-01

CVSS Vulnerability Scoring System

V4
V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Attack Requirements

Privileges Required

User Interaction

VS Confidentiality

VS Integrity

VS Availability

SS Confidentiality

SS Integrity

SS Availability

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact