CVE-2025-64778 HIGH

CVE-2025-64778: Mirion Medical EC2 Software NMIS BioDose Use of Hard-coded Credentials

Vendor Mirion Medical
Product EC2 Software NMIS BioDose
Weakness CWE-798 · Hardcoded credentials
Published December 2, 2025
Last update December 2, 2025

CVSS base score

8.4/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N

What the vulnerability does

01Description

NMIS/BioDose software V22.02 and previous versions contain executable binaries with plain text hard-coded passwords. These hard-coded passwords could allow unauthorized access to both the application and database.

Key dates

02Disclosure timeline

December 2, 2025 CVE published
December 2, 2025 Record updated