CVE-2025-62575 · HIGH 8.8 · EPSS p27.1%

Description

NMIS/BioDose V22.02 and previous versions rely on a Microsoft SQL Server database. The SQL user account 'nmdbuser' and other created accounts by default have the sysadmin role. This can lead to remote code execution through the use of certain built-in stored procedures.

Scoring

CVSS 3.1: 8.8 (HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.35% probability of exploitation · percentile 27.1% · 2026-06-18T12:00:27Z
Published: 2025-12-02
Last modified: 2026-01-02

Underlying weaknesses · 1

CWE-732

References

  1. https://www.cisa.gov/news-events/ics-medical-advisories/icsma-25-336-01

Type | Target | Confidence | Tier
Weakness | Incorrect Permission Assignment for Critical Resource (cwe-732) | 0% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE · CVE-2025-61940
CVE · CVE-2025-24999
CVE · CVE-2025-2585
CVE · CVE-2025-55227
CVE · CVE-2025-49759
CVE · CVE-2025-53727

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.