
CVE-2025-64642: CWE-732 Incorrect Permission Assignment for Critical Resource in Mirion Medical EC2 Software NMIS BioDose

Severity: High
Tags: Vulnerability, CVE-2025-64642, CWE-732
Published: Tue Dec 02 2025 (12/02/2025, 21:03:43 UTC)
Source: CVE Database V5
Vendor/Project: Mirion Medical
Product: EC2 Software NMIS BioDose

Description

CVE-2025-64642 is a high-severity vulnerability in Mirion Medical's EC2 Software NMIS BioDose (version 22.02 and earlier) where the installation directories have insecure file permissions. This misconfiguration allows local users on client workstations to modify critical program executables and libraries without authentication or user interaction. Exploitation could lead to privilege escalation, code tampering, or disruption of medical dose measurement operations. Although no exploits in the wild have been reported, the vulnerability poses a significant risk to the integrity and availability of the affected software. European healthcare organizations using this software are particularly at risk because of the critical nature of medical radiation dose monitoring. Mitigation requires immediate review and correction of file permissions on the installation directories, restricting write access to trusted administrators only. Countries with advanced healthcare infrastructure and known deployments of Mirion Medical products, such as Germany, France, the UK, and the Netherlands, are most likely to be affected. Given the ease of local exploitation and the high impact on system integrity and availability, this vulnerability is rated high severity. Defenders should prioritize patching or configuration hardening to prevent unauthorized modifications.

AI-Powered Analysis

Last updated: 12/09/2025, 21:22:37 UTC

Technical Analysis

CVE-2025-64642 identifies a vulnerability in Mirion Medical's EC2 Software NMIS BioDose, specifically versions 22.02 and earlier, where the installation directory paths are configured with insecure file permissions by default. This CWE-732 (Incorrect Permission Assignment for Critical Resource) flaw allows local users on client workstations to modify program executables and libraries. Because these files are critical to the software's operation, unauthorized modification can lead to code tampering, potentially enabling privilege escalation or the execution of malicious code within the context of the affected application. The vulnerability does not require authentication or user interaction, but it does require local access to the client workstation. The CVSS 4.0 base score is 7.1, reflecting a high severity due to the combination of low attack complexity, no privileges required, and significant impact on integrity and availability. The vulnerability is particularly concerning in medical environments where NMIS BioDose is used to monitor and manage radiation doses, as any tampering could compromise patient safety or disrupt clinical workflows. No patches or exploits are currently known, but the default insecure permissions represent a critical misconfiguration that must be addressed. The vulnerability was reserved in November 2025 and published in December 2025 by ICS-CERT, indicating its relevance to industrial control and medical device security.

Potential Impact

The primary impact of CVE-2025-64642 is on the integrity and availability of the NMIS BioDose software, which is critical for radiation dose monitoring in medical settings. Unauthorized modification of executables and libraries can lead to malicious code execution, data corruption, or denial of service, potentially compromising patient safety and clinical decision-making. For European organizations, especially hospitals and medical research centers relying on Mirion Medical's solutions, this vulnerability could disrupt essential healthcare services and lead to regulatory non-compliance under EU medical device and data protection regulations. Additionally, compromised systems could serve as footholds for broader network attacks, threatening confidentiality of sensitive patient data. The requirement for local access limits remote exploitation but does not eliminate risk, as insider threats or compromised workstations could be leveraged. The lack of known exploits currently provides a window for proactive mitigation, but the high severity score and critical nature of the software demand urgent attention.

Mitigation Recommendations

To mitigate CVE-2025-64642, organizations should immediately audit the file and directory permissions of the NMIS BioDose installation paths on all client workstations and servers. Permissions must be restricted to trusted administrators only, removing write access from standard users and any other non-administrative accounts. Strict access control lists (ACLs), enforced through operating system features such as Windows Group Policy or the Linux file permission model, can apply these restrictions consistently. Organizations should also monitor file integrity using tools such as Tripwire or OS-integrated file integrity monitoring so that unauthorized changes are detected promptly. Since no patches are currently available, configuration hardening is critical. Limiting local access to authorized personnel and deploying endpoint security solutions to detect suspicious activity further reduce risk. Regular backups of the software and its configuration files should be maintained to allow recovery after tampering. Finally, organizations should engage with Mirion Medical for updates and patches and apply any vendor-recommended security configurations as they become available.
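The audit and hardening step above, as an added PowerShell example that is not code from the advisory, from Mirion Medical, or from the NMIS BioDose product. It walks an installation tree, reports every Allow ACE that grants write, delete, or permission-change rights (including the generic write/all bits that appear in some inherited ACEs) to a principal outside a trusted administrative set, and can downgrade those ACEs to ReadAndExecute so standard users can still run the client but not alter it. The installation path is a placeholder assumption; the trusted-principal list is an assumption to adjust for the environment.

```powershell
# Added example, not code from the advisory or from Mirion Medical: audit an installation
# tree for ACEs that let non-administrative principals modify executables and libraries
# (the CWE-732 condition above), and optionally replace them with ReadAndExecute.
# $InstallPath is a placeholder assumption; point it at the real NMIS BioDose directory.
# Run from an elevated PowerShell session; use -WhatIf on Repair-InsecureWriteAce first.
param(
    [string]$InstallPath = 'C:\Program Files\PLACEHOLDER_NMIS_BioDose'
)

# Principals that may legitimately hold write rights on program files (assumed set).
$TrustedPrincipals = @(
    'NT AUTHORITY\SYSTEM',
    'BUILTIN\Administrators',
    'NT SERVICE\TrustedInstaller',
    'CREATOR OWNER'
)

# Rights that allow altering or replacing a file or directory, plus the generic
# write/all bits that sometimes appear in inherited ACEs instead of named rights.
$NamedWrite = [System.Security.AccessControl.FileSystemRights] (
    'WriteData, AppendData, WriteAttributes, WriteExtendedAttributes, Delete, ' +
    'DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership')
$WriteMaskValue = [int]$NamedWrite -bor 0x40000000 -bor 0x10000000   # GENERIC_WRITE, GENERIC_ALL

function Get-InsecureWriteAce {
    [CmdletBinding()]
    param([Parameter(Mandatory)][string]$Path)

    # Every directory in the tree, plus the executables and libraries themselves.
    $targets = @(Get-Item -LiteralPath $Path) +
               @(Get-ChildItem -LiteralPath $Path -Recurse -Force -ErrorAction SilentlyContinue |
                 Where-Object { $_.PSIsContainer -or (@('.exe', '.dll') -contains $_.Extension) })

    foreach ($item in $targets) {
        $acl = Get-Acl -LiteralPath $item.FullName -ErrorAction SilentlyContinue
        if (-not $acl) { continue }
        foreach ($rule in $acl.Access) {
            if ($rule.AccessControlType -ne 'Allow') { continue }
            if ($TrustedPrincipals -contains $rule.IdentityReference.Value) { continue }
            if (([int]$rule.FileSystemRights -band $WriteMaskValue) -eq 0) { continue }
            [pscustomobject]@{
                Path      = $item.FullName
                Principal = $rule.IdentityReference.Value
                Rights    = $rule.FileSystemRights
                Inherited = $rule.IsInherited
            }
        }
    }
}

function Repair-InsecureWriteAce {
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory)][string]$Path)

    foreach ($group in (Get-InsecureWriteAce -Path $Path | Group-Object Path)) {
        $target = $group.Name
        $who    = ($group.Group.Principal | Sort-Object -Unique) -join ', '
        if (-not $PSCmdlet.ShouldProcess($target, "Downgrade write ACEs to ReadAndExecute for: $who")) { continue }

        $acl = Get-Acl -LiteralPath $target
        # Inherited ACEs cannot be edited in place: break inheritance while keeping copies
        # of the inherited rules as explicit ones, persist, then re-read the ACL.
        if ($group.Group.Inherited -contains $true) {
            $acl.SetAccessRuleProtection($true, $true)
            Set-Acl -LiteralPath $target -AclObject $acl
            $acl = Get-Acl -LiteralPath $target
        }
        foreach ($rule in @($acl.Access)) {
            if ($rule.AccessControlType -ne 'Allow') { continue }
            if ($TrustedPrincipals -contains $rule.IdentityReference.Value) { continue }
            if (([int]$rule.FileSystemRights -band $WriteMaskValue) -eq 0) { continue }
            # Keep the principal able to run the client, but not to change it.
            $readOnly = [System.Security.AccessControl.FileSystemAccessRule]::new(
                $rule.IdentityReference, 'ReadAndExecute',
                $rule.InheritanceFlags, $rule.PropagationFlags, 'Allow')
            $null = $acl.RemoveAccessRule($rule)
            $acl.AddAccessRule($readOnly)
        }
        Set-Acl -LiteralPath $target -AclObject $acl
    }
}

# Report first; repair only after reviewing the findings.
Get-InsecureWriteAce -Path $InstallPath | Format-Table -AutoSize
# Repair-InsecureWriteAce -Path $InstallPath -WhatIf
```

Review the report before repairing: a service account that genuinely needs to write to a data subdirectory should be added to the trusted list or scoped to that subdirectory rather than downgraded. For a fleet of client workstations, the same outcome is best enforced centrally through the Group Policy "File System" security setting the advisory mentions, with this script serving as the per-host audit that confirms the policy has actually applied.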


Technical Details

Data Version: 5.2
Assigner Short Name: icscert
Date Reserved: 2025-11-11T20:56:52.827Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 692f572b3b1ed793e36e758a

Added to database: 12/2/2025, 9:16:27 PM

Last enriched: 12/9/2025, 9:22:37 PM

Last updated: 1/17/2026, 12:54:35 AM

Views: 103
