Authentication Bypass in GE Vernova EnerVista UR Setup Application
CVE-2025-27256
8.3 HIGH
What is CVE-2025-27256?
A significant vulnerability exists in the GE Vernova EnerVista UR Setup application: authentication is missing for SSH server connections. This gap allows unauthorized access, enabling an attacker to carry out a man-in-the-middle attack on the network. Sensitive data could consequently be intercepted, weakening the overall security posture of the affected systems.
Affected Version(s)
EnerVista UR Setup 7.0 <= 8.60
CVSS V3.1
Score: 8.3
Severity: HIGH
Confidentiality: Low
Integrity: High
Availability: Low
Attack Vector: Adjacent Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Diego Giubertoni of Nozomi Networks found this bug during a security research activity.