CVE-2025-64298

Name of the Vulnerable Software and Affected Versions NMIS/BioDose versions prior to 22.02

Description Installations of NMIS/BioDose V22.02 and earlier versions utilizing the embedded Microsoft SQLServer Express are susceptible to information disclosure. The Windows share accessed by clients in networked installations contains insecure directory paths. These paths allow access to the SQL Server database and configuration files, potentially exposing sensitive data.

Recommendations Update to version 22.02 or later.