CVE-2025-3222

CRITICAL

GE Vernova Smallworld <5.3.3-5.3.4 - Auth Bypass

Title source: llm

Description

Improper Authentication vulnerability in GE Vernova Smallworld on Windows, Linux allows Authentication Abuse.This issue affects Smallworld: 5.3.3 and prior versions for Linux, and 5.3.4. and prior versions for Windows.

References (1)

Core 1

Core References

Various Sources

https://www.gevernova.com/content/dam/cyber_security/global/en_US/pdfs/SecurityAdvisory_ImproperAuthentication_SWMFS.pdf

Scores

CVSS v4 9.3

EPSS 0.0045

EPSS Percentile 35.8%

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact total

Details

CWE

CWE-287

Status published

Products (2)

GE Vernova/Smallworld 5.3.3

GE Vernova/Smallworld 5.3.4

Published Nov 07, 2025

Tracked Since Feb 18, 2026