Security Vulnerability Report
CVE-2025-64642 CVSS 8.0 HIGH

CVE-2025-64642

Published: 2025-12-02 21:15:53
Last Modified: 2026-01-02 20:59:39

Description

NMIS/BioDose V22.02 and previous versions' installation directory paths by default have insecure file permissions, which in certain deployment scenarios can enable users on client workstations to modify the program executables and libraries.

CVSS Details

CVSS Score
8.0
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H

Configurations (Affected Products)

cpe:2.3:a:mirion:biodose\/nmis:*:*:*:*:*:*:*:* - VULNERABLE
NMIS/BioDose V22.02
NMIS/BioDose all previous versions

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
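# CVE-2025-64642 check - audit NMIS/BioDose installation file permissions
import os
import re
import subprocess
import sys

# One icacls ACE for a principal whose name ends in "Users", e.g.
# "BUILTIN\Users:(I)(OI)(CI)(F)". Group 1 is the run of parenthesised fields.
# NOTE(review): other broad principals (e.g. Everyone) and localized group
# names are not matched; review the printed icacls output for those.
_USERS_ACE = re.compile(r"Users:((?:\([^)]*\))+)")
_ACE_FIELD = re.compile(r"\(([^)]*)\)")

# icacls rights that allow file contents to be changed: the simple rights
# F (full), M (modify), W (write) and the specific rights WD, AD, GA, GW.
_WRITE_RIGHTS = frozenset({"F", "M", "W", "WD", "AD", "GA", "GW"})
# ACEs carrying these flags grant nothing on the object itself.
_NON_GRANTING_FLAGS = frozenset({"DENY", "IO"})


def _users_can_write(icacls_output):
    """Return True if an allow ACE for a "...Users" principal grants write access."""
    for ace in _USERS_ACE.finditer(icacls_output):
        tokens = set()
        for field in _ACE_FIELD.findall(ace.group(1)):
            # Specific rights are listed comma-separated inside one field.
            tokens.update(part.strip() for part in field.split(","))
        if tokens & _NON_GRANTING_FLAGS:
            continue
        if tokens & _WRITE_RIGHTS:
            return True
    return False


def check_nmis_permissions():
    """Check file permissions in the NMIS/BioDose installation directories.

    Runs ``icacls`` on each default installation directory that exists and on
    every .exe/.dll file beneath it, and reports files that a "...Users"
    principal can write to.

    Returns:
        True if at least one writable executable or library was found,
        otherwise False. False is not proof of a safe configuration: it is
        also returned when no directory exists or when icacls could not run.
    """
    # Common NMIS/BioDose installation paths
    possible_paths = [
        r"C:\Program Files\NMIS",
        r"C:\Program Files (x86)\NMIS",
        r"C:\Program Files\BioDose",
        r"C:\ProgramData\NMIS",
        r"C:\ProgramData\BioDose",
    ]

    vulnerable_files = []
    unchecked = 0
    found_any = False

    for path in possible_paths:
        if not os.path.exists(path):
            continue
        found_any = True
        print(f"[+] Found installation directory: {path}")

        # Show the directory ACL (Windows icacls command)
        try:
            result = subprocess.run(
                ['icacls', path],
                capture_output=True,
                text=True,
                timeout=10
            )
        except (OSError, subprocess.SubprocessError) as e:
            print(f"[-] Error checking permissions: {e}")
            continue
        print(f"[>] Permissions for {path}:")
        print(result.stdout)

        # Check write access on executables and DLLs
        for root, _dirs, files in os.walk(path):
            for name in files:
                # Windows file names are case-insensitive (.EXE, .Dll, ...)
                if not name.lower().endswith(('.exe', '.dll')):
                    continue
                file_path = os.path.join(root, name)
                try:
                    perm_result = subprocess.run(
                        ['icacls', file_path],
                        capture_output=True,
                        text=True,
                        timeout=10
                    )
                except (OSError, subprocess.SubprocessError) as e:
                    # Report instead of silently skipping, so an incomplete
                    # scan is not mistaken for a clean one.
                    unchecked += 1
                    print(f"[-] Could not check {file_path}: {e}")
                    continue
                if perm_result.returncode != 0:
                    unchecked += 1
                    print(f"[-] Could not check {file_path}: icacls exited with {perm_result.returncode}")
                    continue
                if _users_can_write(perm_result.stdout):
                    print(f"[!] VULNERABLE: {file_path} - Users have write access")
                    vulnerable_files.append(file_path)

    if not found_any:
        print("[-] No NMIS/BioDose installation directory found in the default locations")
    if unchecked:
        print(f"[-] {unchecked} files could not be checked; result is incomplete")

    if vulnerable_files:
        print(f"\n[!] Found {len(vulnerable_files)} vulnerable files")
        print("[!] This system is vulnerable to CVE-2025-64642")
        return True
    else:
        print("\n[+] No obvious file permission vulnerabilities found")
        return False


if __name__ == "__main__":
    check_nmis_permissions()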

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-64642", "sourceIdentifier": "[email protected]", "published": "2025-12-02T21:15:52.557", "lastModified": "2026-01-02T20:59:39.360", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "NMIS/BioDose V22.02 and previous versions' installation directory paths by default have insecure file permissions, which in certain deployment scenarios can enable users on client workstations to modify the program executables and libraries."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 7.1, "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", 
"providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H", "baseScore": 8.0, "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.5, "impactScore": 5.5}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 7.8, "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 1.8, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-732"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:mirion:biodose\\/nmis:*:*:*:*:*:*:*:*", "versionEndExcluding": "23.0", "matchCriteriaId": "0C792586-2A7A-4497-B711-F56F88E84E34"}]}]}], "references": [{"url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-25-336-01", "source": "[email protected]", "tags": ["Third Party Advisory"]}]}}