CVE-2025-64642
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-12-02

Last updated on: 2025-12-04

Assigner: ICS-CERT

Description
NMIS/BioDose V22.02 and previous versions' installation directory paths by default have insecure file permissions, which in certain deployment scenarios can enable users on client workstations to modify the program executables and libraries.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-02
Last Modified
2025-12-04
Generated
2026-06-16
AI Q&A
2025-12-02
EPSS Evaluated
2026-06-15
NVD
CVE-2025-64642
EUVD
EUVD-2025-200324
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
nmis biodose *
nmis biodose 22.02
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-732 The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists because the installation directory paths of NMIS/BioDose V22.02 and earlier versions have insecure file permissions by default. This can allow users on client workstations to modify the program executables and libraries under certain deployment scenarios.

Impact Analysis

The vulnerability can impact you by allowing unauthorized users on client workstations to modify critical program executables and libraries. This can lead to potential compromise of the software's integrity, unauthorized code execution, or disruption of normal operations.

Detection Guidance

This vulnerability can be detected by checking the file permissions of the NMIS/BioDose installation directory and its executables and libraries to see if they are insecurely set, allowing modification by unauthorized users. Specific commands depend on the operating system, but for Unix-like systems, you can use commands like 'ls -l' to list permissions and 'stat' to get detailed file permission information on the installation directory and its files.

Mitigation Strategies

Immediate mitigation steps include correcting the file permissions of the NMIS/BioDose installation directory and its executables and libraries to restrict modification rights only to authorized users. This typically involves setting stricter permissions to prevent client workstation users from modifying program files.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-64642. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart