CVE-2025-27256

Missing Authentication for Critical Function vulnerability in GE Vernova Enervista UR Setup application allows Authentication Bypass due to a missing SSH server authentication. Since the client connection is not authenticated, an attacker may perform a man-in-the-middle attack on the network.

CVSS v3 8.3 HIGH

8.3^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.5

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.gevernova.com/grid-solutions/app/DownloadFile.aspx?prod=urfamily&type=21&file=76
https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-27256

Configurations

No configuration.

History

12 Mar 2025, 12:15

Type	Values Removed	Values Added
Summary		(es) La vulnerabilidad de falta de autenticación para funciones críticas en la aplicación de configuración de GE Vernova Enervista UR permite omitir la autenticación debido a la falta de autenticación del servidor SSH. Dado que la conexión del cliente no está autenticada, un atacante puede realizar un ataque de intermediario en la red.
References		() https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-27256 -

10 Mar 2025, 09:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-03-10 09:15

Updated : 2025-03-12 12:15

NVD link : CVE-2025-27256

Mitre link : CVE-2025-27256

CVE.ORG link : CVE-2025-27256

JSON object : View

Products Affected

No product.

CWE

CWE-306

Missing Authentication for Critical Function

8.3 /10