Firmware Modification Vulnerability in GE Vernova UR IED Devices
CVE-2025-27257

6.1MEDIUM

Key Information:

Vendor: Ge Vernova
Status: N60 Multilin; B30 Multilin; B90 Multilin; C30 Multilin
Vendor: CVE Published:; 10 March 2025

What is CVE-2025-27257?

A vulnerability in GE Vernova UR IED family devices permits authenticated users to install modified firmware due to inadequate verification of data authenticity. The existing firmware signature verification occurs solely on the client-side with Enervista UR Setup software, allowing potential bypass of the integration checks. This issue emphasizes the critical need for robust verification processes to ensure the integrity of firmware updates and safeguard against unauthorized modifications.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

B30 Multilin 7.0 <= 8.60

B90 Multilin 7.0 <= 8.60

C30 Multilin 7.0 <= 8.60

References

https://www.gevernova.com/grid-solutions/app/DownloadFile...

https://www.nozominetworks.com/labs/vulnerability-advisor...

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 10, 2025
Vulnerability Reserved
Feb 21, 2025

Credit

Diego Giubertoni of Nozomi Networks found this bug during a security research activity.

JSON

Ge Vernova

What is CVE-2025-27257?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Credit

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.