CVE-2025-64642

high

Description

NMIS/BioDose V22.02 and previous versions' installation directory paths by default have insecure file permissions, which in certain deployment scenarios can enable users on client workstations to modify the program executables and libraries.

References

https://www.cisa.gov/news-events/ics-medical-advisories/icsma-25-336-01

Details

Source: Mitre, NVD

Published: 2025-12-02

Updated: 2025-12-02

Risk Information

CVSS v2

Base Score: 6.8

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:C/A:C

Severity: Medium

CVSS v3

Base Score: 8

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H

Severity: High

CVSS v4

Base Score: 7.1

Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N