CVE-2025-62575 HIGH

CVE-2025-62575: Mirion Medical EC2 Software NMIS BioDose Incorrect Permission Assignment for Critical Resource

Vendor Mirion Medical
Product EC2 Software NMIS BioDose
Weakness CWE-732
Published December 2, 2025
Last update December 2, 2025

CVSS base score

8.7/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N

What the vulnerability does

01Description

NMIS/BioDose V22.02 and previous versions rely on a Microsoft SQL Server database. The SQL user account 'nmdbuser' and other created accounts by default have the sysadmin role. This can lead to remote code execution through the use of certain built-in stored procedures.

Key dates

02Disclosure timeline

December 2, 2025 CVE published
December 2, 2025 Record updated