How to fix CVE-2025-64778?

Within 24 hours: Identify all systems running NMIS/BioDose V22.02 or earlier and isolate them from production networks if possible. Within 7 days: Apply the vendor-released patch to upgrade all affected installations to the patched version. Within 30 days: Conduct a security audit of database access logs and application activity from affected systems for the past 90 days to identify any unauthorized access using the hard-coded credentials; rotate all database passwords and application service account credentials regardless of patch status.

CVE-2025-64778

EUVD-2025-200321 HIGH

2025-12-02 [email protected]

Authentication Bypass

7.3

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

Low

Lifecycle Timeline

Analysis Updated

Apr 16, 2026 - 06:24 EUVD-patch-fix

executive_summary

Re-analysis Queued

Apr 16, 2026 - 05:29 backfill_euvd_patch

patch_released

patch_available

Apr 16, 2026 - 05:29 EUVD

23.0

Analysis Generated

Mar 15, 2026 - 14:04 vuln.today

EUVD ID Assigned

Mar 15, 2026 - 14:04 euvd

EUVD-2025-200321

CVE Published

Dec 02, 2025 - 21:15 nvd

HIGH 7.3

DescriptionNVD

NMIS/BioDose software V22.02 and previous versions contain executable binaries with plain text hard-coded passwords. These hard-coded passwords could allow unauthorized access to both the application and database.

AnalysisAI

Technical ContextAI

This vulnerability is classified as Use of Hard-coded Credentials (CWE-798).

RemediationAI

Monitor vendor advisories for patches. Apply mitigations such as network segmentation, access restrictions, and monitoring.

CVE-2025-64778 vulnerability details – vuln.today

Back