CVE-2025-27253

A CWE-15 "External Control of System or Configuration Setting" in GE Vernova UR IED family devices from version 7.0 up to 8.60 allows an attacker to provide input that establishes a TCP connection through a port forwarding. The lack of the IP address and port validation may allow the attacker to bypass firewall rules or to send malicious traffic in the network.

CVSS v3 6.1 MEDIUM

6.1^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 2.7

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact LOW

Scope CHANGED

References

Link	Resource
https://www.gevernova.com/grid-solutions/app/DownloadFile.aspx?prod=urfamily&type=21&file=76
https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-27253

Configurations

No configuration.

History

No history.

Information

Published : 2025-03-10 09:15

Updated : 2025-10-07 15:16

NVD link : CVE-2025-27253

Mitre link : CVE-2025-27253

CVE.ORG link : CVE-2025-27253

JSON object : View

Products Affected

No product.

CWE

CWE-15

External Control of System or Configuration Setting

6.1 /10