Improper Authentication Vulnerability in GE Vernova EnerVista UR Setup
CVE-2025-27254

8HIGH

Key Information:

Vendor: Ge Vernova
Status: Enervista Ur Setup
Vendor: CVE Published:; 10 March 2025

What is CVE-2025-27254?

The GE Vernova EnerVista UR Setup is susceptible to an improper authentication vulnerability that allows for authentication bypass. This issue arises due to a misconfiguration that enables any user to modify a Windows registry setting, effectively disabling the startup authentication protocol. Users should ensure that registry permissions are appropriately restricted to prevent unauthorized access and maintain the security of their systems.

Affected Version(s)

EnerVista UR Setup 8.42

References

https://www.gevernova.com/grid-solutions/app/DownloadFile...

https://www.nozominetworks.com/labs/vulnerability-advisor...

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

Low

Integrity:

High

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 10, 2025
Vulnerability Reserved
Feb 21, 2025

Credit

Diego Giubertoni of Nozomi Networks found this bug during a security research activity.