CVE-2025-64778
📋 TL;DR
NMIS/BioDose software versions V22.02 and earlier contain hard-coded plain text passwords in executable binaries, allowing attackers to bypass authentication and gain unauthorized access to both the application and database. This affects all organizations using these vulnerable versions of the medical/ICS software.
💻 Affected Systems
- NMIS/BioDose
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Complete compromise of medical/ICS systems, unauthorized access to sensitive patient/medical data, potential manipulation of medical device operations or dosimetry calculations.
Likely Case
Unauthorized access to application interfaces and databases, data exfiltration of medical/industrial control system information, potential lateral movement within the network.
If Mitigated
Limited impact if proper network segmentation, access controls, and monitoring are in place to detect unauthorized access attempts.
🎯 Exploit Status
Exploitation requires extracting hard-coded passwords from binaries through reverse engineering or memory analysis, then using them for authentication bypass.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: V22.03 or later
Vendor Advisory: https://www.cisa.gov/news-events/ics-medical-advisories/icsma-25-336-01
Restart Required: Yes
Instructions:
1. Download and install NMIS/BioDose V22.03 or later from official vendor sources.
2. Stop all NMIS/BioDose services.
3. Install the update following vendor documentation.
4. Restart services and verify functionality.
🔧 Temporary Workarounds
Network Segmentation and Access Controls
Restrict network access to NMIS/BioDose systems to only authorized users and systems using firewalls and network segmentation.
Credential Rotation
Change all database and application passwords that may have been exposed through hard-coded credentials.
🧯 If You Can't Patch
- Isolate NMIS/BioDose systems from internet and untrusted networks using network segmentation and firewall rules.
- Implement strict access controls and monitoring for all connections to NMIS/BioDose systems, alerting on any unauthorized access attempts.
🔍 How to Verify
Check if Vulnerable:
Check NMIS/BioDose version in application interface or installation directory. Versions V22.02 or earlier are vulnerable.
Check Version:
Check application interface or installation documentation for version information.
Verify Fix Applied:
Verify installation of V22.03 or later by checking version in application interface and confirming hard-coded passwords are no longer present in binaries through file analysis.
📡 Detection & Monitoring
Log Indicators:
- Failed authentication attempts followed by successful logins using unexpected credentials
- Database access from unauthorized user accounts
- Unusual application access patterns or times
Network Indicators:
- Network connections to NMIS/BioDose systems from unauthorized IP addresses
- Database queries from unexpected sources
SIEM Query:
(source="nms_logs" OR source="biodose_logs") AND event_type="authentication" AND result="success" AND NOT user IN ([authorized_users])
(The OR must be parenthesized: AND binds tighter than OR, so without the parentheses every nms_logs event would match regardless of the authentication filter. Replace [authorized_users] with the site's allow-list.)
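The log indicators above, implemented as a small detector over constructed sample log lines (an added example, not part of the advisory; the key=value log format, the field names, the user names and the allow-list are all assumptions, and real NMIS/BioDose logs will need their own parser):

```python
import re
from collections import defaultdict

# Constructed sample log lines (assumed key=value format, not real NMIS/BioDose output).
SAMPLE_LOG = """\
2025-12-02T08:00:01Z app=biodose event_type=authentication result=failure user=svc_dose src=10.0.5.14
2025-12-02T08:00:03Z app=biodose event_type=authentication result=failure user=svc_dose src=10.0.5.14
2025-12-02T08:00:04Z app=biodose event_type=authentication result=success user=svc_dose src=10.0.5.14
2025-12-02T08:15:22Z app=biodose event_type=authentication result=success user=nurse01 src=10.0.5.20
2025-12-02T08:20:00Z app=nmis event_type=db_access result=success user=dbadmin src=10.0.5.14
2025-12-02T08:21:00Z app=nmis event_type=db_access result=success user=reporting src=10.0.9.2
"""

AUTHORIZED_USERS = {"nurse01", "reporting"}  # assumption: the site's allow-list of expected accounts
FAIL_THRESHOLD = 2                             # failures before a success that make the success suspicious

KV = re.compile(r"(\w+)=(\S+)")

def parse_line(line):
    """Split '<timestamp> k=v k=v ...' into a dict; the timestamp goes under 'ts'."""
    ts, _, rest = line.partition(" ")
    ev = dict(KV.findall(rest))
    ev["ts"] = ts
    return ev

def detect(log_text, authorized=AUTHORIZED_USERS, threshold=FAIL_THRESHOLD):
    """Return (indicator, user, src, ts) tuples for the three log indicators in the advisory."""
    alerts = []
    fails = defaultdict(int)  # (user, src) -> consecutive authentication failures seen so far
    for line in log_text.splitlines():
        ev = parse_line(line)
        user, src, ts = ev.get("user"), ev.get("src"), ev["ts"]
        key = (user, src)
        if ev.get("event_type") == "authentication":
            if ev.get("result") == "failure":
                fails[key] += 1
                continue
            if ev.get("result") == "success":
                if fails[key] >= threshold:  # failures followed by a success from the same (user, src)
                    alerts.append(("fail_then_success", user, src, ts))
                if user not in authorized:   # successful login with an account not on the allow-list
                    alerts.append(("unauthorized_login", user, src, ts))
                fails[key] = 0
        elif ev.get("event_type") == "db_access" and user not in authorized:
            alerts.append(("unauthorized_db_access", user, src, ts))  # DB access by an unexpected account
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```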