CVE-2025-27255

HIGH

GE Vernova EnerVista UR Setup - Privilege Escalation

Title source: llm

Description

Use of Hard-coded Credentials vulnerability in GE Vernova EnerVista UR Setup allows Privilege Escalation. The local user database is encrypted using an hardcoded password retrievable by an attacker analyzing the application code.

References (2)

Core 2

Core References

Various Sources

https://www.gevernova.com/grid-solutions/app/DownloadFile.aspx?prod=urfamily&type=21&file=76

Various Sources

https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-27255

Scores

CVSS v3 8.0

EPSS 0.0014

EPSS Percentile 3.9%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-798

Status published

Products (1)

GE Vernova/EnerVista UR Setup 8.42

Published Mar 10, 2025

Tracked Since Feb 18, 2026