PatchSiren

CVE-2025-64642 Mirion Medical CVE debrief

CISA’s advisory for Mirion Medical EC2 Software NMIS BioDose says the product’s default installation directory permissions are insecure in certain deployment scenarios. On affected systems, a user on a client workstation may be able to modify program executables and libraries, creating an integrity risk for the application. Mirion Medical recommends updating to V23.0 or later.

Vendor: Mirion Medical
Product: EC2 Software NMIS BioDose
CVSS: HIGH 8
CISA KEV: Not listed in stored evidence
Original CVE published: 2025-12-02
Original CVE updated: 2025-12-02
Advisory published: 2025-12-02
Advisory updated: 2025-12-02

Who should care

Organizations running Mirion Medical EC2 Software NMIS BioDose, especially administrators responsible for client workstations, installation hardening, and software integrity in OT or medical environments.

Technical summary

The issue is a default file-permission weakness in the installation directory for NMIS/BioDose V22.02 and earlier. The advisory states that, in certain deployment scenarios, a user on a client workstation can modify program executables and libraries. The supplied CVSS vector is AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H, indicating a local attack path with meaningful integrity and availability impact.

Defensive priority

High. Prioritize if the product is deployed on client workstations or in environments where local users may have write access to application directories.

Recommended defensive actions

  • Update to V23.0 or later, per Mirion Medical’s recommendation.
  • If you have an active support contract, use the vendor’s supported update path or contact Mirion Medical support directly.
  • Review and tighten filesystem permissions on the NMIS/BioDose installation directory so only intended administrative accounts can modify executables and libraries.
  • Check affected workstations for unauthorized changes to installed binaries and libraries; reinstall from trusted media if integrity is uncertain.
  • Apply CISA ICS recommended practices and defense-in-depth guidance for hardening and access control on operational systems.
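
One way to carry out the permission review in the actions above, as an added example (not from CISA or Mirion Medical): a Python parser for saved `icacls <dir> /T` output that lists allow-ACEs giving broad user groups write-capable rights. It assumes a Windows installation and English-locale principal names; the directory in the sample is a constructed placeholder, not the product's real install path.

```python
import re

# Principals that include ordinary workstation users (English-locale names, assumed).
BROAD = ("Everyone", r"BUILTIN\Users", r"NT AUTHORITY\Authenticated Users",
         r"NT AUTHORITY\INTERACTIVE")
# icacls right codes that allow modifying or replacing files.
WRITE = {"F", "M", "W", "WD", "AD", "DC", "WDAC", "WO", "GA", "GW"}
ACE = re.compile(r"(?<!\S)(%s):((?:\([A-Za-z,]+\))+)\s*$"
                 % "|".join(map(re.escape, BROAD)))

def risky_aces(icacls_output):
    """Return (path, principal, rights) for each allow-ACE that lets a broad group write."""
    findings, header = [], ""
    for line in icacls_output.splitlines():
        if line and not line[0].isspace():
            header = line                      # object line: "<path> <first ACE>"
        m = ACE.search(line)
        if not m:
            continue
        tokens = set(re.findall(r"[A-Za-z]+", m.group(2)))
        rights = sorted(tokens & WRITE)
        if "DENY" in tokens or not rights:     # deny or read-only ACEs are not the issue
            continue
        if line[0].isspace():
            # Continuation ACEs are indented to len(path) + 1 columns.
            indent = len(line) - len(line.lstrip())
            path = header[:indent - 1]
        else:
            path = line[:m.start()].rstrip()
        findings.append((path, m.group(1), rights))
    return findings

# Constructed sample output; the directory is a placeholder.
SAMPLE_DIR = r"C:\PLACEHOLDER\InstallDir"
PAD = " " * (len(SAMPLE_DIR) + 1)
SAMPLE = "\n".join([
    SAMPLE_DIR + r" NT AUTHORITY\SYSTEM:(OI)(CI)(F)",
    PAD + r"BUILTIN\Administrators:(OI)(CI)(F)",
    PAD + r"BUILTIN\Users:(OI)(CI)(M)",
    SAMPLE_DIR + r"\app.exe BUILTIN\Users:(I)(RX)",
    SAMPLE_DIR + r"\plugin.dll NT AUTHORITY\Authenticated Users:(I)(RX,W)",
    " " * (len(SAMPLE_DIR) + 12) + r"Everyone:(DENY)(W)",
    "", "Successfully processed 3 files; Failed processing 0 files",
])

if __name__ == "__main__":
    for path, principal, rights in risky_aces(SAMPLE):
        print(f"{path}: {principal} has {','.join(rights)}")
```

Any finding on the installation directory or on an executable or library inside it is a candidate for tightening so that only administrative accounts keep modify rights.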

Evidence notes

The source corpus is the CISA CSAF advisory ICSMA-25-336-01 and its referenced materials. The advisory explicitly states that NMIS/BioDose V22.02 and previous versions have insecure default installation directory permissions and recommends updating to V23.0 or later. The supplied CVSS vector is AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H.

Official resources

Publicly disclosed by CISA in ICSMA-25-336-01 on 2025-12-02. The advisory covers NMIS/BioDose V22.02 and earlier and recommends updating to V23.0 or later.