---
title: "Critical Flaws in Mirion Medical Software Expose Healthcare Systems to Attacks"
short_title: "Mirion Medical software vulnerabilities expose healthcare data"
description: "Mirion Medical's EC2 Software NMIS BioDose faces critical vulnerabilities, including hard-coded credentials and permission flaws, risking data breaches and remote code execution."
author: "Vitus"
date: 2025-01-24
categories: [Cybersecurity, Vulnerabilities]
tags: [mirion-medical, healthcare-cybersecurity, cve-2025, data-breach, rce]
score: 0.87
cve_ids: [CVE-2025-64642, CVE-2025-64298, CVE-2025-61940, CVE-2025-64778, CVE-2025-62575]
---
TL;DR
Mirion Medical’s EC2 Software NMIS BioDose has been found vulnerable to five critical security flaws, including hard-coded credentials and incorrect permission assignments. These vulnerabilities could enable attackers to modify executables, access sensitive data, or execute remote code, posing severe risks to healthcare systems worldwide. Users are urged to update to version 23.0 or later immediately.
---
Introduction
Healthcare systems rely on specialized software to manage critical operations, but vulnerabilities in these systems can have devastating consequences. Mirion Medical’s EC2 Software NMIS BioDose, a widely used solution in the healthcare and public health sector, has been identified as having multiple critical security flaws. These vulnerabilities, if exploited, could allow attackers to compromise patient data, alter software functionality, or gain unauthorized access to sensitive systems.
---
Key Points
- Five critical vulnerabilities have been discovered in Mirion Medical’s EC2 Software NMIS BioDose, affecting versions prior to 23.0.
- Flaws include incorrect permission assignments, client-side authentication, and hard-coded credentials, enabling remote exploitation.
- Successful exploitation could lead to data breaches, remote code execution (RCE), and unauthorized system access.
- Healthcare organizations worldwide are at risk, with deployments spanning critical infrastructure sectors.
- Mirion Medical has released version 23.0 to patch these vulnerabilities, and users are advised to update immediately.
---
Technical Details
#### Affected Products
- Mirion Medical EC2 Software NMIS BioDose: Versions prior to 23.0.
#### Vulnerability Overview
1. Incorrect Permission Assignment for Critical Resource (CWE-732)
   - CVE-2025-64642: Default installation directories have insecure file permissions, allowing users to modify program executables and libraries.
     - CVSS v3.1 Score: 8.0
     - CVSS v4 Score: 7.1
   - CVE-2025-64298: Networked installations expose SQL Server databases and configuration files due to insecure directory paths.
     - CVSS v3.1 Score: 8.4
     - CVSS v4 Score: 8.6
2. Use of Client-Side Authentication (CWE-603)
   - CVE-2025-61940: The software relies on client-side authentication, allowing attackers to bypass restrictions and access the database directly.
     - CVSS v3.1 Score: 8.3
     - CVSS v4 Score: 8.7
3. Use of Hard-Coded Credentials (CWE-798)
   - CVE-2025-64778: Executable binaries contain plaintext hard-coded passwords, enabling unauthorized access to the application and database.
     - CVSS v3.1 Score: 7.3
     - CVSS v4 Score: 8.4
4. Incorrect Permission Assignment for Critical Resource (CWE-732)
   - CVE-2025-62575: The 'nmdbuser' SQL account has sysadmin privileges, allowing potential remote code execution via stored procedures.
     - CVSS v3.1 Score: 8.3
     - CVSS v4 Score: 8.7
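As an added defender-side check, not code from Mirion Medical or from the CISA advisory, the PowerShell script below audits a BioDose host for two of the conditions described above: write-class access for broad principals on the install tree (CVE-2025-64642 and CVE-2025-64298) and sysadmin membership for the nmdbuser login (CVE-2025-62575). The install path and SQL instance name are placeholders, since the advisory does not state them; the script assumes Windows PowerShell or PowerShell 7 on Windows with integrated SQL authentication.

```powershell
# Added audit script, not Mirion Medical's or CISA's code. Placeholder values are marked.
param(
    [string]$InstallRoot = 'C:\PLACEHOLDER\NMIS_BioDose',  # assumed: the advisory gives no path
    [string]$SqlInstance = 'localhost',                   # assumed: instance hosting the BioDose DB
    [string]$DbAccount   = 'nmdbuser'                     # login named in CVE-2025-62575
)

# --- Check 1: CWE-732 on the install tree (CVE-2025-64642 / CVE-2025-64298) ---
# Principals that should never hold write-class rights on program files or config.
$BroadPrincipals = @('Everyone', 'BUILTIN\Users',
                     'NT AUTHORITY\Authenticated Users', 'NT AUTHORITY\INTERACTIVE')
# Write-class bits only: Modify and FullControl include them, ReadAndExecute does not.
$R = [System.Security.AccessControl.FileSystemRights]
$WriteBits = $R::Write -bor $R::Delete -bor $R::ChangePermissions -bor $R::TakeOwnership

function Test-WeakAce {
    param([string]$Path)
    foreach ($ace in (Get-Acl -Path $Path).Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if ($BroadPrincipals -notcontains $ace.IdentityReference.Value) { continue }
        if (($ace.FileSystemRights -band $WriteBits) -eq 0) { continue }
        [pscustomobject]@{ Path = $Path; Principal = $ace.IdentityReference.Value
                           Rights = $ace.FileSystemRights }
    }
}

# Root directory plus the executables, libraries and config files the advisory mentions.
$Files   = @(Get-ChildItem -Path $InstallRoot -Recurse -File -Include *.exe, *.dll, *.config -ErrorAction SilentlyContinue)
$Targets = @($InstallRoot) + @($Files | ForEach-Object { $_.FullName })
$Weak    = @($Targets | ForEach-Object { Test-WeakAce -Path $_ })
if ($Weak.Count) { $Weak | Format-Table -AutoSize }
else { "OK: no broad write access found under $InstallRoot" }

# --- Check 2: CWE-732 on the SQL login (CVE-2025-62575) ---
# IS_SRVROLEMEMBER is a built-in T-SQL function; it returns NULL when the login is
# unknown or the caller may not inspect it, so NULL is reported rather than read as "safe".
$ConnStr = "Server=$SqlInstance;Integrated Security=True;Encrypt=True"
$Conn = New-Object -TypeName System.Data.SqlClient.SqlConnection -ArgumentList $ConnStr
try {
    $Conn.Open()
    $Cmd = $Conn.CreateCommand()
    $Cmd.CommandText = "SELECT IS_SRVROLEMEMBER('sysadmin', @login)"
    [void]$Cmd.Parameters.AddWithValue('@login', $DbAccount)
    $Result = $Cmd.ExecuteScalar()
} finally { $Conn.Close() }

if ($Result -is [DBNull]) { "UNKNOWN: could not evaluate $DbAccount on $SqlInstance" }
elseif ($Result -eq 1)   { "WARNING: $DbAccount is still a member of sysadmin on $SqlInstance" }
else                     { "OK: $DbAccount is not a member of sysadmin on $SqlInstance" }
```

Run it from an elevated prompt on the BioDose host before and after the 23.0 upgrade; any row from check 1 or a WARNING from check 2 means the corresponding advisory condition is still present.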
---
Impact Assessment
The vulnerabilities in Mirion Medical’s EC2 Software NMIS BioDose pose severe risks to healthcare organizations:
- Data Breaches: Attackers could access sensitive patient data stored in SQL Server databases.
- Remote Code Execution (RCE): Exploitation of CVE-2025-62575 could allow attackers to execute arbitrary code on affected systems.
- Unauthorized Access: Hard-coded credentials and client-side authentication flaws could enable unauthorized system access.
- Operational Disruption: Modification of program executables could disrupt critical healthcare operations, endangering patient safety.
Given the global deployment of this software, the potential impact is widespread, affecting healthcare providers and public health infrastructure.
---
Mitigation Steps
Mirion Medical and CISA recommend the following actions to mitigate these vulnerabilities:
1. Update Immediately: Users should upgrade to version 23.0 or later of EC2 Software NMIS BioDose.
2. Network Segmentation: Minimize network exposure for control system devices and ensure they are not accessible from the internet.
3. Firewall Protection: Locate control system networks behind firewalls and isolate them from business networks.
4. Secure Remote Access: Use Virtual Private Networks (VPNs) for remote access, ensuring they are updated to the latest version.
5. Defensive Measures: Implement CISA’s recommended cybersecurity strategies for proactive defense of industrial control systems (ICS).
For more details, refer to [CISA’s ICS Recommended Practices](https://www.cisa.gov/resources-tools/resources/ics-recommended-practices).
---
Conclusion
The discovery of five critical vulnerabilities in Mirion Medical’s EC2 Software NMIS BioDose underscores the urgent need for robust cybersecurity measures in healthcare systems. Organizations using this software must act immediately to apply patches and implement defensive strategies to prevent exploitation. Failure to address these flaws could result in data breaches, operational disruptions, and compromised patient safety.
Healthcare providers are encouraged to stay vigilant, monitor for suspicious activity, and follow CISA’s guidelines to safeguard their systems against emerging threats.