Improper Input Validation in GE Vernova UR IED Family Devices
CVE-2025-27253

6.1MEDIUM

Key Information:

Vendor: Ge Vernova
Status: N60 Multilin; B30 Multilin; B90 Multilin; C30 Multilin
Vendor: CVE Published:; 10 March 2025

What is CVE-2025-27253?

A vulnerability exists in the GE Vernova UR IED family of devices due to improper input validation. This flaw, present in versions 7.0 to 8.60, allows attackers to exploit the system by establishing TCP connections through port forwarding without adequate validation of IP addresses and ports. Consequently, this weakness could enable malicious traffic to bypass firewall protections, posing a significant risk to network security. Organizations using these devices should evaluate their configurations and apply necessary mitigations to secure their systems against potential exploitation.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

B30 Multilin 7.0 <= 8.60

B90 Multilin 7.0 <= 8.60

C30 Multilin 7.0 <= 8.60

References

https://www.gevernova.com/grid-solutions/app/DownloadFile...

https://www.nozominetworks.com/labs/vulnerability-advisor...

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Mar 10, 2025
Vulnerability Reserved
Feb 21, 2025

Credit

Diego Giubertoni of Nozomi Networks found this bug during a security research activity.

JSON

Ge Vernova

What is CVE-2025-27253?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Credit

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.