How to fix CVE-2025-64642?

Within 24 hours: Identify all systems running NMIS/BioDose V22.02 or earlier and assess deployment model (dedicated vs. shared workstations). Within 7 days: Apply vendor-released patch to all affected instances; for shared workstations, implement strict directory permission controls (restrict write access to administrators only). Within 30 days: Conduct file integrity verification on patched systems to confirm proper permission remediation and review access logs for unauthorized modification attempts.

CVE-2025-64642

EUVD-2025-200324 HIGH

2025-12-02 [email protected]

Information Disclosure

8.0

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Updated

Apr 16, 2026 - 06:24 EUVD-patch-fix

executive_summary

Re-analysis Queued

Apr 16, 2026 - 05:29 backfill_euvd_patch

patch_released

patch_available

Apr 16, 2026 - 05:29 EUVD

23.0

EUVD ID Assigned

Mar 15, 2026 - 14:04 euvd

EUVD-2025-200324

Analysis Generated

Mar 15, 2026 - 14:04 vuln.today

CVE Published

Dec 02, 2025 - 21:15 nvd

HIGH 8.0

DescriptionNVD

NMIS/BioDose V22.02 and previous versions' installation directory paths by default have insecure file permissions, which in certain deployment scenarios can enable users on client workstations to modify the program executables and libraries.

AnalysisAI

Technical ContextAI

This vulnerability is classified as Incorrect Permission Assignment for Critical Resource (CWE-732).

RemediationAI

Monitor vendor advisories for patches. Apply mitigations such as network segmentation, access restrictions, and monitoring.

CVE-2025-64642 vulnerability details – vuln.today

Back