CVE-2025-61940 – Mirion Medical EC2 Software NMIS BioDose Use of Client-Side Authentication

CVE ID : CVE-2025-61940

Published : Dec. 2, 2025, 9:15 p.m. | 1 hour, 10 minutes ago

Description : NMIS/BioDose V22.02 and previous versions rely on a common SQL Server user account to access data in the database. User access in the client application is restricted by a password authentication check in the client software but the underlying database connection always has access. The latest version of NMIS/BioDose introduces an option to use Windows user authentication with the database, which would restrict this database connection.

Severity: 8.7 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…