CVE-2025-27255
8
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
Summary
Use of Hard-coded Credentials vulnerability in GE Vernova EnerVista UR Setup allows Privilege Escalation. The local user database is encrypted using an hardcoded password retrievable by an attacker analyzing the application code.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| GE Vernova | EnerVista UR Setup | 8.42 | affected |
Weaknesses
- CWE-798: CWE-798 Use of Hard-coded Credentials
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
- https://www.gevernova.com/grid-solutions/app/DownloadFile.aspx?prod=urfamily&type=21&file=76
- https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-27255
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.