CVE-2025-64642

HIGH

Mirion Biodose/nmis < 23.0 - Incorrect Permission Assignment

Title source: rule

Description

NMIS/BioDose V22.02 and previous versions' installation directory paths by default have insecure file permissions, which in certain deployment scenarios can enable users on client workstations to modify the program executables and libraries.

References (1)

[Third Party Advisory] https://www.cisa.gov/news-events/ics-medical-advisories/icsma-25-336-01

Scores

CVSS v3 8.0

EPSS 0.0002

EPSS Percentile 4.1%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-732

Status published

Products (1)

mirion/biodose\/nmis < 23.0

Published Dec 02, 2025

Tracked Since Feb 18, 2026