
CVE-2025-64778: CWE-798 Use of Hard-coded Credentials in Mirion Medical EC2 Software NMIS BioDose

Severity: High
Tags: Vulnerability, CVE-2025-64778, CWE-798
Published: Tue Dec 02 2025 (12/02/2025, 21:09:38 UTC)
Source: CVE Database V5
Vendor/Project: Mirion Medical
Product: EC2 Software NMIS BioDose

Description

NMIS/BioDose software V22.02 and previous versions contain executable binaries with plain text hard-coded passwords. These hard-coded passwords could allow unauthorized access to both the application and database.

AI-Powered Analysis

AILast updated: 12/02/2025, 21:16:43 UTC

Technical Analysis

CVE-2025-64778 identifies a critical security flaw in Mirion Medical's EC2 Software NMIS BioDose, specifically versions 22.02 and earlier. The vulnerability stems from the presence of hard-coded plaintext passwords within the software's executable binaries. These embedded credentials violate secure coding practices (CWE-798) and allow attackers who gain local access with low privileges to bypass authentication controls. The vulnerability affects both the application layer and the underlying database, enabling unauthorized access that can lead to data theft, manipulation, or disruption of radiation dose monitoring operations. The CVSS 4.0 vector (AV:L/AC:L/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N) indicates that exploitation requires local access but no user interaction, with low attack complexity and privileges. The impact on confidentiality and integrity is high, while availability impact is low. No public exploits have been reported yet, but the presence of hard-coded credentials is a well-known risk that can be leveraged by insiders or attackers who have gained limited system access. The vulnerability is particularly concerning for critical healthcare environments where NMIS BioDose is deployed to monitor radiation exposure, as unauthorized access could compromise patient safety data and regulatory compliance. The lack of available patches necessitates immediate mitigation through configuration changes and access controls.

Potential Impact

For European organizations, especially those in healthcare, nuclear medicine, and radiation safety sectors, this vulnerability poses a significant risk. Unauthorized access to NMIS BioDose software and its database could lead to exposure of sensitive patient radiation dose data, manipulation of monitoring results, and potential disruption of safety-critical functions. This compromises patient privacy, regulatory compliance (e.g., GDPR), and operational integrity. Attackers exploiting this flaw could escalate privileges or move laterally within networks, increasing the risk of broader compromise. Given the software's role in radiation dose monitoring, any tampering could have severe health and safety implications. The requirement for local access somewhat limits remote exploitation but does not eliminate risk, as insider threats or attackers with initial footholds could leverage this vulnerability. The high confidentiality and integrity impact combined with the critical nature of the affected systems underscores the urgency for European healthcare providers and related organizations to address this issue promptly.

Mitigation Recommendations

1. Immediate removal or replacement of hard-coded credentials in the NMIS BioDose software binaries is essential. Coordinate with Mirion Medical for official patches or updates addressing this vulnerability.
2. Implement strict access controls to limit local system access only to authorized and trusted personnel, using role-based access control (RBAC) and multi-factor authentication where possible.
3. Employ application-layer authentication mechanisms that do not rely on embedded credentials, such as centralized identity management or secure credential vaults.
4. Conduct thorough audits and monitoring of access logs to detect any unauthorized attempts to use hard-coded credentials.
5. Isolate NMIS BioDose systems within segmented network zones to reduce lateral movement risk if compromised.
6. Educate staff about the risks of insider threats and enforce policies to prevent unauthorized local access.
7. If patches are unavailable, consider deploying host-based intrusion detection systems (HIDS) to alert on suspicious local access or binary tampering.
8. Regularly review and update software inventory to identify and remediate vulnerable versions promptly.
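Recommendation 4 asks for monitoring of access logs for use of the embedded credentials. Because those credentials are valid, a login with them looks like any other successful login; the usable signal is context, namely whether the shared account is being used from the host and client program the application is expected to run as. The following script is an added example, not part of the advisory or of Mirion's software: the account names, hosts, program name, and log format are hypothetical, and the log lines are constructed.

```python
"""Flag uses of a shared (embedded) application account that fall outside
the expected application context. Added example; all names are hypothetical."""
import re
from dataclasses import dataclass

# Hypothetical: accounts assumed to be the ones embedded in the binaries.
EMBEDDED_ACCOUNTS = {"biodose_app", "biodose_db"}
# Hypothetical: the only host and client program expected to use them.
EXPECTED_HOSTS = {"nmis-srv01"}
EXPECTED_PROGRAMS = {"NMISBioDose.exe"}

# Hypothetical log format: "<ts> <app|db> login user=.. host=.. prog=.. result=.."
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<kind>app|db) login user=(?P<user>\S+) "
    r"host=(?P<host>\S+) prog=(?P<prog>\S+) result=(?P<result>\S+)$"
)


@dataclass
class Finding:
    ts: str
    user: str
    host: str
    prog: str
    reason: str


def parse_line(line):
    """Return the event fields as a dict, or None for lines that do not match."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def check_event(ev):
    """Return a Finding when an embedded account is used from an unexpected
    host or client program; normal application use returns None."""
    if ev["user"] not in EMBEDDED_ACCOUNTS:
        return None  # personal accounts are out of scope for this rule
    reasons = []
    if ev["host"] not in EXPECTED_HOSTS:
        reasons.append(f"unexpected host {ev['host']}")
    if ev["prog"] not in EXPECTED_PROGRAMS:
        reasons.append(f"unexpected client program {ev['prog']}")
    if not reasons:
        return None
    return Finding(ev["ts"], ev["user"], ev["host"], ev["prog"], "; ".join(reasons))


def scan(lines):
    """Run the rule over an iterable of log lines and collect findings."""
    findings = []
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue  # unparseable line; a production job would count these
        finding = check_event(ev)
        if finding is not None:
            findings.append(finding)
    return findings


# Constructed sample log lines (not real data).
SAMPLE_LOG = [
    "2025-12-02T21:00:01Z db login user=biodose_db host=nmis-srv01 prog=NMISBioDose.exe result=ok",
    "2025-12-02T21:05:12Z db login user=biodose_db host=ws-0042 prog=dbshell.exe result=ok",
    "2025-12-02T21:06:30Z app login user=jsmith host=ws-0042 prog=NMISBioDose.exe result=ok",
    "2025-12-02T21:07:45Z db login user=biodose_db host=nmis-srv01 prog=dbshell.exe result=ok",
    "garbage line that does not parse",
]

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"{f.ts} {f.user}@{f.host} via {f.prog}: {f.reason}")
```

The second and fourth sample lines are flagged: a successful login with the shared database account from a workstation with a generic database client, and the same account used on the application server but from a client other than the application. The first line, the same account used as the application normally uses it, is not flagged, which is why this rule only works once the expected context has been established from a known-good baseline.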


Technical Details

Data Version
5.2
Assigner Short Name
icscert
Date Reserved
2025-11-11T20:56:52.864Z
Cvss Version
4.0
State
PUBLISHED

Threat ID: 692f572b3b1ed793e36e758d

Added to database: 12/2/2025, 9:16:27 PM

Last enriched: 12/2/2025, 9:16:43 PM

Last updated: 12/2/2025, 10:43:07 PM

