{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-27254", "assignerOrgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c", "state": "PUBLISHED", "assignerShortName": "Nozomi", "dateReserved": "2025-02-21T08:32:26.973Z", "datePublished": "2025-03-10T09:05:08.963Z", "dateUpdated": "2025-10-07T14:18:35.592Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "EnerVista UR Setup", "vendor": "GE Vernova", "versions": [{"status": "affected", "version": "8.42", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "CWE-282 \"Improper Ownership Management\"&nbsp;in GE Vernova EnerVista UR Setup allows Authentication Bypass.&nbsp;<br><span style=\"background-color: var(--wht);\">The software's startup authentication can be disabled by altering a Windows registry setting that any user can modify.</span><br><br>"}], "value": "CWE-282 \"Improper Ownership Management\"\u00a0in GE Vernova EnerVista UR Setup allows Authentication Bypass.\u00a0\nThe software's startup authentication can be disabled by altering a Windows registry setting that any user can modify."}], "impacts": [{"capecId": "CAPEC-115", "descriptions": [{"lang": "en", "value": "CAPEC-115 Authentication Bypass"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-282", "description": "CWE-282 Improper Ownership Management", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c", "shortName": "Nozomi", "dateUpdated": "2025-10-07T14:18:35.592Z"}, "references": [{"url": "https://www.gevernova.com/grid-solutions/app/DownloadFile.aspx?prod=urfamily&type=21&file=76"}, {"url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-27254"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-03-10T14:10:30.949201Z", "id": "CVE-2025-27254", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-10T14:10:54.966Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-27254", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-03-10T14:10:30.949201Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-10T14:10:37.403Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "impacts": [{"capecId": "CAPEC-115", "descriptions": [{"lang": "en", "value": "CAPEC-115 Authentication Bypass"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "GE Vernova", "product": "EnerVista UR Setup", "versions": [{"status": "affected", "version": "8.42", "versionType": "custom"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.gevernova.com/grid-solutions/app/DownloadFile.aspx?prod=urfamily&type=21&file=76"}, {"url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-27254"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "CWE-282 \"Improper Ownership Management\"\u00a0in GE Vernova EnerVista UR Setup allows Authentication Bypass.\u00a0\nThe software's startup authentication can be disabled by altering a Windows registry setting that any user can modify.", "supportingMedia": [{"type": "text/html", "value": "CWE-282 \"Improper Ownership Management\"&nbsp;in GE Vernova EnerVista UR Setup allows Authentication Bypass.&nbsp;<br><span style=\"background-color: var(--wht);\">The software's startup authentication can be disabled by altering a Windows registry setting that any user can modify.</span><br><br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-282", "description": "CWE-282 Improper Ownership Management"}]}], "providerMetadata": {"orgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c", "shortName": "Nozomi", "dateUpdated": "2025-10-07T14:18:35.592Z"}}}, "cveMetadata": {"cveId": "CVE-2025-27254", "state": "PUBLISHED", "dateUpdated": "2025-10-07T14:18:35.592Z", "dateReserved": "2025-02-21T08:32:26.973Z", "assignerOrgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c", "datePublished": "2025-03-10T09:05:08.963Z", "assignerShortName": "Nozomi"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "CWE-282 \"Improper Ownership Management\"\u00a0in GE Vernova EnerVista UR Setup allows Authentication Bypass.\u00a0\nThe software's startup authentication can be disabled by altering a Windows registry setting that any user can modify."}, {"lang": "es", "value": "La vulnerabilidad de autenticaci\u00f3n incorrecta en GE Vernova EnerVista UR Setup permite omitir la autenticaci\u00f3n. La autenticaci\u00f3n de inicio del software se puede desactivar modificando una configuraci\u00f3n del registro de Windows que cualquier usuario puede modificar."}], "id": "CVE-2025-27254", "lastModified": "2025-10-07T15:16:02.427", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.0, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 5.5, "source": "prodsec@nozominetworks.com", "type": "Secondary"}]}, "published": "2025-03-10T09:15:11.167", "references": [{"source": "prodsec@nozominetworks.com", "url": "https://www.gevernova.com/grid-solutions/app/DownloadFile.aspx?prod=urfamily&type=21&file=76"}, {"source": "prodsec@nozominetworks.com", "url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-27254"}], "sourceIdentifier": "prodsec@nozominetworks.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-282"}], "source": "prodsec@nozominetworks.com", "type": "Primary"}]}

{}