CVE-2025-27254

{"id": "CVE-2025-27254", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "prodsec@nozominetworks.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.0, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 5.5, "exploitabilityScore": 2.5}]}, "published": "2025-03-10T09:15:11.167", "references": [{"url": "https://www.gevernova.com/grid-solutions/app/DownloadFile.aspx?prod=urfamily&type=21&file=76", "source": "prodsec@nozominetworks.com"}, {"url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-27254", "source": "prodsec@nozominetworks.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "prodsec@nozominetworks.com", "description": [{"lang": "en", "value": "CWE-282"}]}], "descriptions": [{"lang": "en", "value": "CWE-282 \"Improper Ownership Management\"\u00a0in GE Vernova EnerVista UR Setup allows Authentication Bypass.\u00a0\nThe software's startup authentication can be disabled by altering a Windows registry setting that any user can modify."}, {"lang": "es", "value": "La vulnerabilidad de autenticaci\u00f3n incorrecta en GE Vernova EnerVista UR Setup permite omitir la autenticaci\u00f3n. La autenticaci\u00f3n de inicio del software se puede desactivar modificando una configuraci\u00f3n del registro de Windows que cualquier usuario puede modificar."}], "lastModified": "2025-10-07T15:16:02.427", "sourceIdentifier": "prodsec@nozominetworks.com"}