Mirion Medical NMIS/BioDose Incorrect Permission Assignment Vulnerability Allowing SQL Server Database Access

Vulnerability

A vulnerability exists in Mirion Medical's NMIS/BioDose software versions through 22.02, when the embedded Microsoft SQL Server Express is used. The default installation directory has insecure file permissions that expose the SQL Server database and configuration files containing sensitive information. This exposure occurs through the Windows share accessed by clients in networked installations.

Impact

Exploitation of this vulnerability could allow unauthorized access to the SQL Server database, modification of program executables, and execution of arbitrary code, according to CISA.

Remediation

Users are advised to update to version 23.0 or later. Those with an active support contract can contact Mirion Medical support for assistance.
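
A defender-side check for the condition described under Vulnerability, added here as an example and not taken from Mirion Medical or CISA: it lists NTFS and SMB share permissions that give broad groups access to the installation directory. $InstallPath is a placeholder because this advisory does not state the default path, and the set of principals treated as too broad is an assumption.

```powershell
# Added example: run on the host that shares the NMIS/BioDose directory.
param([Parameter(Mandatory)][string]$InstallPath)  # placeholder: path is not given in the advisory

# Principals treated as overly broad (assumption; adjust to site policy).
$broad = @{ 'S-1-1-0' = 'Everyone'; 'S-1-5-11' = 'Authenticated Users'
            'S-1-5-32-545' = 'BUILTIN\Users'; 'S-1-5-7' = 'Anonymous Logon' }

# Write-type bits, plus GENERIC_WRITE / GENERIC_ALL, which can appear raw in inherit-only ACEs.
$writeBits = [int][System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
$writeBits = $writeBits -bor 0x40000000 -bor 0x10000000

$rootItem = Get-Item -LiteralPath $InstallPath
$root     = $rootItem.FullName
$items    = @($rootItem) + @(Get-ChildItem -LiteralPath $root -Recurse -Force -ErrorAction SilentlyContinue)

$ntfs = foreach ($item in $items) {
    $acl = Get-Acl -LiteralPath $item.FullName -ErrorAction SilentlyContinue
    if (-not $acl) { continue }
    foreach ($ace in $acl.Access) {
        # Below the root, report only explicit ACEs; inherited ones show up where they are set.
        if ($ace.AccessControlType -ne 'Allow' -or ($ace.IsInherited -and $item.FullName -ne $root)) { continue }
        try   { $sid = $ace.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]).Value }
        catch { continue }   # unresolvable account, cannot classify
        if ($broad.ContainsKey($sid)) {
            [pscustomobject]@{
                Path      = $item.FullName
                Principal = $broad[$sid]
                Rights    = $ace.FileSystemRights
                CanWrite  = [bool](([int]$ace.FileSystemRights) -band $writeBits)
            }
        }
    }
}

# Share-level permissions for any SMB share whose path contains the install directory.
$shares = Get-SmbShare | Where-Object {
    $_.Path -and ($root.TrimEnd('\') + '\').StartsWith($_.Path.TrimEnd('\') + '\', [StringComparison]::OrdinalIgnoreCase)
} | ForEach-Object { Get-SmbShareAccess -Name $_.Name }

$ntfs   | Sort-Object CanWrite -Descending | Format-Table -AutoSize -Wrap
$shares | Format-Table Name, AccountName, AccessControlType, AccessRight -AutoSize
```

Rows with CanWrite set to True correspond to the executable-modification impact listed above; read-only rows still matter because the directory holds the database and configuration files.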

Added: Dec 2, 2025, 9:19 PM
Updated: Dec 2, 2025, 9:19 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 5.0
exploitability: 4.9
remediation: 7.7
relevance: 1.2
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.