CVE-2025-27257

Published Mar 10, 2025

Last updated 23 days ago

Overview

Description
An Insufficient Verification of Data Authenticity vulnerability in GE Vernova UR IED family devices allows an authenticated user to install modified firmware. Firmware signature verification is enforced only on the client side, by the dedicated EnerVista UR Setup software, so the integrity check can be bypassed.
Source
prodsec@nozominetworks.com
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Secondary
Base score
6.1
Impact score
5.2
Exploitability score
0.9
Vector string
CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
Severity
MEDIUM

Weaknesses

prodsec@nozominetworks.com
CWE-345