CVE-2025-61940
HIGHDescription
NMIS/BioDose V22.02 and previous versions rely on a common SQL Server user account to access data in the database. User access in the client application is restricted by a password authentication check in the client software but the underlying database connection always has access. The latest version of NMIS/BioDose introduces an option to use Windows user authentication with the database, which would restrict this database connection.
Is your site exposed to CVE-2025-61940?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| mirion | biodose\/nmis |
References
Frequently Asked Questions
What is CVE-2025-61940? +
How severe is CVE-2025-61940? +
What products are affected by CVE-2025-61940? +
How do I check if I'm vulnerable to CVE-2025-61940? +
Related Vulnerabilities
mpGabinet performs client-side authentication. An attacker with access to any application instance connected to the backend server can bypass the …
Sparx Enterprise Architect software has a security feature that limits user's actions to those specified in the role. An authenticated …
TELSAT marKoni FM Transmitters are vulnerable to an attacker bypassing authentication and gaining administrator privileges.
New Site Server developed by CyberTutor has a Use of Client-Side Authentication vulnerability, allowing unauthenticated remote attackers to modify the …
The Restaurant Brands International (RBI) assistant platform through 2025-09-06 relies on client-side authentication for use of the diagnostic screen.
Use of client-side authentication issue exists in CHOCO TEI WATCHER mini (IB-MCT001) all versions. If this issue is exploited, a …