Mirion Medical has released patches for five high-severity vulnerabilities affecting its radiation safety and medical-imaging management products.
TechTarget has reported that Mirion Medical has released security patches to address five high-severity vulnerabilities in its EC2 Software NMIS BioDose platform. The flaws affect versions of the software before v23.0 (notably v22.02 and earlier).
The five vulnerabilities, tracked as CVE-2025-64298, CVE-2025-61940, CVE-2025-62575, CVE-2025-64642, and CVE-2025-64778, expose various security weaknesses.
These vulnerabilities represent a combination of insecure defaults, over-privileged accounts, exposed SQL shares, and poor credential management: the sort of “low-hanging fruit” that attackers look for.
According to TechTarget, CISA has warned that “successful exploitation of these vulnerabilities could allow an attacker to modify program executables, gain access to sensitive information, gain unauthorized access to the application, and execute arbitrary code.”
According to SecurityWeek, earlier this year, researchers disclosed a critical vulnerability in Orthanc Server, a widely used open-source DICOM platform, that could allow remote, unauthenticated access to sensitive medical imaging data and potentially disrupt healthcare operations. The flaw, tracked as CVE-2025-0896, occurs because basic authentication is not enabled by default when remote access is turned on, leaving exposed servers open to data manipulation, deletion of imaging files, or service outages. Security experts warned that exploitation could result in altered patient records or missing diagnostic images, posing serious risks to patient safety. The Orthanc team urged users to upgrade to version 1.5.8 or later and to manually enable authentication if remote access is required. The incident highlights ongoing security challenges in medical imaging systems and underscores the importance of proper configuration and timely patching across healthcare environments.
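As an added example (not from the article, SecurityWeek, or the Orthanc project), a small audit that parses an Orthanc configuration file and flags the misconfiguration described above: remote access enabled without authentication explicitly switched on. The sample configurations are constructed; the keys RemoteAccessAllowed, AuthenticationEnabled and RegisteredUsers are Orthanc's own, and the check assumes plain JSON.

```python
import json

# Constructed sample configurations (not taken from any real deployment).
# The exposed one enables remote access and says nothing about authentication,
# which is exactly the default-dependent condition behind CVE-2025-0896.
EXPOSED_CONFIG = """{
  "Name": "pacs-01",
  "HttpPort": 8042,
  "RemoteAccessAllowed": true
}"""

# The hardened one turns authentication on explicitly and registers a user.
HARDENED_CONFIG = """{
  "Name": "pacs-01",
  "HttpPort": 8042,
  "RemoteAccessAllowed": true,
  "AuthenticationEnabled": true,
  "RegisteredUsers": { "radiology": "REPLACE_WITH_STRONG_PASSWORD" }
}"""


def audit_orthanc_config(text: str) -> list[str]:
    """Return a list of findings for an Orthanc configuration given as JSON text.

    Assumes plain JSON; Orthanc also accepts comments in its configuration
    files, so strip them before calling this if your file uses them.
    """
    cfg = json.loads(text)
    findings = []
    remote = cfg.get("RemoteAccessAllowed", False)
    auth = cfg.get("AuthenticationEnabled")  # None when the key is absent
    users = cfg.get("RegisteredUsers", {})

    if remote and auth is None:
        # Relying on the default is the trap: on affected versions the REST
        # API and the imaging data it fronts are reachable without credentials.
        findings.append("RemoteAccessAllowed is true but AuthenticationEnabled is not set; "
                        "do not rely on the default, set it to true explicitly")
    elif remote and auth is False:
        findings.append("RemoteAccessAllowed is true and AuthenticationEnabled is explicitly false")
    if auth and not users:
        # Authentication that no account can satisfy is a deployment error worth reviewing.
        findings.append("AuthenticationEnabled is true but RegisteredUsers is empty")
    return findings
```

Run it against each Orthanc instance's configuration as part of a deployment check; a non-empty list means the instance should not be reachable from outside the host until it is fixed.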
Both incidents show how weaknesses in authentication, configuration, and software design can expose sensitive patient data, disrupt clinical workflows, or even undermine diagnostic accuracy. If exploited, the flaws could allow attackers to alter or delete imaging records, interfere with radiation-dose tracking, or shut down systems relied on for timely diagnoses and treatment decisions. Together, the two stories point to the systemic fragility of medical-imaging infrastructure and the need for healthcare organizations to prioritize patching, secure configurations, and continuous monitoring to safeguard patient safety and operational continuity.
The vulnerabilities affect Mirion Medical’s EC2 Software NMIS BioDose platform, used widely in nuclear medicine and radiology departments for radiation dose management, patient scheduling, inventory control, and billing.
The vulnerabilities are classified as high severity and include risks such as unauthorized access, exposure of sensitive patient data, privilege escalation, and potential remote code execution.
Exploitation could allow attackers to access confidential medical data, modify or delete radiation dose records, execute malicious code on affected systems, or disrupt clinical workflows, potentially compromising patient safety.