Improper Input Validation in GE Vernova UR IED Family Devices
CVE-2025-27253

6.1 MEDIUM

Key Information:

Vendor: GE Vernova

CVE Published: 10 March 2025

What is CVE-2025-27253?

A vulnerability exists in the GE Vernova UR IED family of devices due to improper input validation. The flaw, present in versions 7.0 to 8.60, lets attackers establish TCP connections through port forwarding without adequate validation of the IP addresses and ports involved. As a result, malicious traffic could bypass firewall protections, posing a significant risk to network security. Organizations using these devices should evaluate their configurations and apply the necessary mitigations to secure their systems against potential exploitation.

Affected Version(s)

B30 Multilin 7.0 <= 8.60

B90 Multilin 7.0 <= 8.60

C30 Multilin 7.0 <= 8.60

CVSS V3.1

Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Adjacent Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Diego Giubertoni of Nozomi Networks found this bug during a security research activity.