CVE-2025-9038

Summary

Improper Privilege Management vulnerability in GE Vernova S1 Agile Configuration Software on Windows allows Privilege Escalation.This issue affects S1 Agile Configuration Software: 3.1 and previous version.

Affected Software

VendorProductVersion RangeStatus
GE VernovaS1 Agile Configuration Software3.1 and previous versionaffected

Weaknesses

  • CWE-269: CWE-269 Improper Privilege Management

Workarounds

As a workaround, GE Vernova recommends having sufficient security controls in place on the workstation where S1 Agile software is installed. This will ensure the attacker’s remote connection to the computer is not feasible. Harden the computer on which S1 Agile is installed. The product deployment guide can be used to understand the guidelines around how the product can be deployed in the end user’s environment.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References