These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.
Mirion Medical’s NMIS/BioDose software is affected by hard-coded plain-text passwords in executable binaries. CISA’s advisory says versions V22.02 and earlier may allow unauthorized access to both the application and the database, and rates the issue as High severity.
CISA’s advisory for Mirion Medical EC2 Software NMIS BioDose says the product’s default installation directory permissions are insecure in certain deployment scenarios. On affected systems, a user on a client workstation may be able to modify program executables and libraries, creating an integrity risk for the application. Mirion Medical recommends updating to V23.0 or later.
CVE-2025-64298 describes an information exposure issue in Mirion Medical EC2 Software NMIS BioDose. In affected networked installations, the embedded Microsoft SQL Server Express content is exposed through Windows share access, and the default directory paths can allow access to database and configuration files that may contain sensitive data. CISA published the advisory on 2025-12-02 and assigned the iss [truncated]
CVE-2025-62575 affects Mirion Medical EC2 Software NMIS/BioDose V22.02 and earlier. According to CISA, the default SQL user account 'nmdbuser' and other created accounts have the sysadmin role, which can enable remote code execution through built-in Microsoft SQL Server stored procedures. Mirion Medical advises updating to V23.0 or later.
CVE-2025-61940 covers an authentication and access-control weakness in Mirion Medical EC2 Software NMIS/BioDose. According to CISA’s advisory, versions V22.02 and earlier rely on a common SQL Server user account for database access. The client application enforces a password check, but the underlying database connection still has access. Mirion Medical states that the latest version adds an option to use [truncated]