{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-64778","assignerOrgId":"7d14cffa-0d7d-4270-9dc0-52cabd5a23a6","state":"PUBLISHED","assignerShortName":"icscert","dateReserved":"2025-11-11T20:56:52.864Z","datePublished":"2025-12-02T21:09:38.450Z","dateUpdated":"2025-12-02T21:38:49.345Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"EC2 Software NMIS BioDose","vendor":"Mirion Medical","versions":[{"lessThan":"23.0","status":"affected","version":"0","versionType":"custom"},{"status":"unaffected","version":"23.0"}]}],"credits":[{"lang":"en","type":"finder","value":"Joe Dillon reported these vulnerabilities to Mirion Medical."}],"datePublic":"2025-12-02T17:00:00.000Z","descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"\n\n\n\n\n\nNMIS/BioDose software V22.02 and previous versions contain executable binaries with plain text hard-coded passwords. These hard-coded passwords could allow unauthorized access to both the application and database.\n\n\n\n\n\n"}],"value":"NMIS/BioDose software V22.02 and previous versions contain executable binaries with plain text hard-coded passwords. These hard-coded passwords could allow unauthorized access to both the application and database."}],"metrics":[{"cvssV4_0":{"Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","Safety":"NOT_DEFINED","attackComplexity":"LOW","attackRequirements":"NONE","attackVector":"LOCAL","baseScore":8.4,"baseSeverity":"HIGH","exploitMaturity":"NOT_DEFINED","privilegesRequired":"LOW","providerUrgency":"NOT_DEFINED","subAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","userInteraction":"NONE","valueDensity":"NOT_DEFINED","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N","version":"4.0","vulnAvailabilityImpact":"LOW","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnerabilityResponseEffort":"NOT_DEFINED"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]},{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"LOW","baseScore":7.3,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-798","description":"CWE-798 Use of Hard-coded Credentials","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"7d14cffa-0d7d-4270-9dc0-52cabd5a23a6","shortName":"icscert","dateUpdated":"2025-12-02T21:09:38.450Z"},"references":[{"url":"https://www.cisa.gov/news-events/ics-medical-advisories/icsma-25-336-01"}],"solutions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"Mirion Medical recommends users update to V23.0 or later. Users with an active support contract should update to the latest version through the software or users can contact Mirion Medical support directly.\n\n
"}],"value":"Mirion Medical recommends users update to V23.0 or later. Users with an active support contract should update to the latest version through the software or users can contact Mirion Medical support directly."}],"source":{"advisory":"ICSMA-25-336-01","discovery":"EXTERNAL"},"title":"Mirion Medical EC2 Software NMIS BioDose Use of Hard-coded Credentials","x_generator":{"engine":"Vulnogram 0.5.0"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-12-02T21:38:39.518064Z","id":"CVE-2025-64778","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-12-02T21:38:49.345Z"}}]}}