{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-27257", "assignerOrgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c", "state": "PUBLISHED", "assignerShortName": "Nozomi", "dateReserved": "2025-02-21T08:32:26.974Z", "datePublished": "2025-03-10T09:05:34.817Z", "dateUpdated": "2025-03-12T11:10:57.902Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "N60 multilin", "vendor": "GE Vernova", "versions": [{"lessThanOrEqual": "8.60", "status": "affected", "version": "7.0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "B30 Multilin", "vendor": "GE Vernova", "versions": [{"lessThanOrEqual": "8.60", "status": "affected", "version": "7.0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "B90 Multilin", "vendor": "GE Vernova", "versions": [{"lessThanOrEqual": "8.60", "status": "affected", "version": "7.0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "C30 Multilin", "vendor": "GE Vernova", "versions": [{"lessThanOrEqual": "8.60", "status": "affected", "version": "7.0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "C60 Multilin", "vendor": "GE Vernova", "versions": [{"lessThanOrEqual": "8.60", "status": "affected", "version": "7.0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "C70 Multilin", "vendor": "GE Vernova", "versions": [{"lessThanOrEqual": "8.60", "status": "affected", "version": "7.0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "C95 Multilin", "vendor": "GE Vernova", "versions": [{"lessThanOrEqual": "8.60", "status": "affected", "version": "7.0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "D30 Multilin", "vendor": "GE Vernova", "versions": [{"lessThanOrEqual": "8.60", "status": "affected", "version": "7.0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "D60 Multilin", "vendor": "GE Vernova", "versions": [{"lessThanOrEqual": "8.60", "status": "affected", "version": "7.0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "F35 Multilin", "vendor": "GE Vernova", "versions": [{"lessThanOrEqual": "8.60", "status": "affected", "version": "7.0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "F60 Multilin", "vendor": "GE Vernova", "versions": [{"lessThanOrEqual": "8.60", "status": "affected", "version": "7.0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "G30 Multilin", "vendor": "GE Vernova", "versions": [{"lessThanOrEqual": "8.60", "status": "affected", "version": "7.0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "G60 Multilin", "vendor": "GE Vernova", "versions": [{"lessThanOrEqual": "8.60", "status": "affected", "version": "7.0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "L30 Multilin", "vendor": "GE Vernova", "versions": [{"lessThanOrEqual": "8.60", "status": "affected", "version": "7.0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "L60 Multilin", "vendor": "GE Vernova", "versions": [{"lessThanOrEqual": "8.60", "status": "affected", "version": "7.0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "L90 Multilin", "vendor": "GE Vernova", "versions": [{"lessThanOrEqual": "8.60", "status": "affected", "version": "7.0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "M60 Multilin", "vendor": "GE Vernova", "versions": [{"lessThanOrEqual": "8.60", "status": "affected", "version": "7.0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "T35 Multilin", "vendor": "GE Vernova", "versions": [{"lessThanOrEqual": "8.60", "status": "affected", "version": "7.0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "T60 Multilin", "vendor": "GE Vernova", "versions": [{"lessThanOrEqual": "8.60", "status": "affected", "version": "7.0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "M60 Multilin", "vendor": "GE Vernova", "versions": [{"lessThanOrEqual": "8.60", "status": "affected", "version": "7.0", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Insufficient Verification of Data Authenticity vulnerability in GE Vernova UR IED family devices allows an authenticated user to install a modified firmware.<br>The firmware signature verification is enforced only on the client-side dedicated software Enervista UR Setup, a<span style=\"background-color: var(--wht);\">llowing the integration check to be bypassed.</span><br><br>"}], "value": "Insufficient Verification of Data Authenticity vulnerability in GE Vernova UR IED family devices allows an authenticated user to install a modified firmware.\nThe firmware signature verification is enforced only on the client-side dedicated software Enervista UR Setup, allowing the integration check to be bypassed."}], "impacts": [{"capecId": "CAPEC-638", "descriptions": [{"lang": "en", "value": "CAPEC-638 Altered Component Firmware"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-345", "description": "CWE-345 Insufficient Verification of Data Authenticity", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c", "shortName": "Nozomi", "dateUpdated": "2025-03-12T11:10:57.902Z"}, "references": [{"url": "https://www.gevernova.com/grid-solutions/app/DownloadFile.aspx?prod=urfamily&type=21&file=76"}, {"url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-27257"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-03-10T13:23:04.580273Z", "id": "CVE-2025-27257", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-10T13:23:20.325Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-27257", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-03-10T13:23:04.580273Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-10T13:23:13.911Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "impacts": [{"capecId": "CAPEC-638", "descriptions": [{"lang": "en", "value": "CAPEC-638 Altered Component Firmware"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "GE Vernova", "product": "N60 multilin", "versions": [{"status": "affected", "version": "7.0", "versionType": "custom", "lessThanOrEqual": "8.60"}], "defaultStatus": "unaffected"}, {"vendor": "GE Vernova", "product": "B30 Multilin", "versions": [{"status": "affected", "version": "7.0", "versionType": "custom", "lessThanOrEqual": "8.60"}], "defaultStatus": "unaffected"}, {"vendor": "GE Vernova", "product": "B90 Multilin", "versions": [{"status": "affected", "version": "7.0", "versionType": "custom", "lessThanOrEqual": "8.60"}], "defaultStatus": "unaffected"}, {"vendor": "GE Vernova", "product": "C30 Multilin", "versions": [{"status": "affected", "version": "7.0", "versionType": "custom", "lessThanOrEqual": "8.60"}], "defaultStatus": "unaffected"}, {"vendor": "GE Vernova", "product": "C60 Multilin", "versions": [{"status": "affected", "version": "7.0", "versionType": "custom", "lessThanOrEqual": "8.60"}], "defaultStatus": "unaffected"}, {"vendor": "GE Vernova", "product": "C70 Multilin", "versions": [{"status": "affected", "version": "7.0", "versionType": "custom", "lessThanOrEqual": "8.60"}], "defaultStatus": "unaffected"}, {"vendor": "GE Vernova", "product": "C95 Multilin", "versions": [{"status": "affected", "version": "7.0", "versionType": "custom", "lessThanOrEqual": "8.60"}], "defaultStatus": "unaffected"}, {"vendor": "GE Vernova", "product": "D30 Multilin", "versions": [{"status": "affected", "version": "7.0", "versionType": "custom", "lessThanOrEqual": "8.60"}], "defaultStatus": "unaffected"}, {"vendor": "GE Vernova", "product": "D60 Multilin", "versions": [{"status": "affected", "version": "7.0", "versionType": "custom", "lessThanOrEqual": "8.60"}], "defaultStatus": "unaffected"}, {"vendor": "GE Vernova", "product": "F35 Multilin", "versions": [{"status": "affected", "version": "7.0", "versionType": "custom", "lessThanOrEqual": "8.60"}], "defaultStatus": "unaffected"}, {"vendor": "GE Vernova", "product": "F60 Multilin", "versions": [{"status": "affected", "version": "7.0", "versionType": "custom", "lessThanOrEqual": "8.60"}], "defaultStatus": "unaffected"}, {"vendor": "GE Vernova", "product": "G30 Multilin", "versions": [{"status": "affected", "version": "7.0", "versionType": "custom", "lessThanOrEqual": "8.60"}], "defaultStatus": "unaffected"}, {"vendor": "GE Vernova", "product": "G60 Multilin", "versions": [{"status": "affected", "version": "7.0", "versionType": "custom", "lessThanOrEqual": "8.60"}], "defaultStatus": "unaffected"}, {"vendor": "GE Vernova", "product": "L30 Multilin", "versions": [{"status": "affected", "version": "7.0", "versionType": "custom", "lessThanOrEqual": "8.60"}], "defaultStatus": "unaffected"}, {"vendor": "GE Vernova", "product": "L60 Multilin", "versions": [{"status": "affected", "version": "7.0", "versionType": "custom", "lessThanOrEqual": "8.60"}], "defaultStatus": "unaffected"}, {"vendor": "GE Vernova", "product": "L90 Multilin", "versions": [{"status": "affected", "version": "7.0", "versionType": "custom", "lessThanOrEqual": "8.60"}], "defaultStatus": "unaffected"}, {"vendor": "GE Vernova", "product": "M60 Multilin", "versions": [{"status": "affected", "version": "7.0", "versionType": "custom", "lessThanOrEqual": "8.60"}], "defaultStatus": "unaffected"}, {"vendor": "GE Vernova", "product": "T35 Multilin", "versions": [{"status": "affected", "version": "7.0", "versionType": "custom", "lessThanOrEqual": "8.60"}], "defaultStatus": "unaffected"}, {"vendor": "GE Vernova", "product": "T60 Multilin", "versions": [{"status": "affected", "version": "7.0", "versionType": "custom", "lessThanOrEqual": "8.60"}], "defaultStatus": "unaffected"}, {"vendor": "GE Vernova", "product": "M60 Multilin", "versions": [{"status": "affected", "version": "7.0", "versionType": "custom", "lessThanOrEqual": "8.60"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.gevernova.com/grid-solutions/app/DownloadFile.aspx?prod=urfamily&type=21&file=76"}, {"url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-27257"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Insufficient Verification of Data Authenticity vulnerability in GE Vernova UR IED family devices allows an authenticated user to install a modified firmware.\nThe firmware signature verification is enforced only on the client-side dedicated software Enervista UR Setup, allowing the integration check to be bypassed.", "supportingMedia": [{"type": "text/html", "value": "Insufficient Verification of Data Authenticity vulnerability in GE Vernova UR IED family devices allows an authenticated user to install a modified firmware.<br>The firmware signature verification is enforced only on the client-side dedicated software Enervista UR Setup, a<span style=\"background-color: var(--wht);\">llowing the integration check to be bypassed.</span><br><br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-345", "description": "CWE-345 Insufficient Verification of Data Authenticity"}]}], "providerMetadata": {"orgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c", "shortName": "Nozomi", "dateUpdated": "2025-03-12T11:10:57.902Z"}}}, "cveMetadata": {"cveId": "CVE-2025-27257", "state": "PUBLISHED", "dateUpdated": "2025-03-12T11:10:57.902Z", "dateReserved": "2025-02-21T08:32:26.974Z", "assignerOrgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c", "datePublished": "2025-03-10T09:05:34.817Z", "assignerShortName": "Nozomi"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Insufficient Verification of Data Authenticity vulnerability in GE Vernova UR IED family devices allows an authenticated user to install a modified firmware.\nThe firmware signature verification is enforced only on the client-side dedicated software Enervista UR Setup, allowing the integration check to be bypassed."}, {"lang": "es", "value": "La vulnerabilidad de verificaci\u00f3n insuficiente de la autenticidad de los datos en los dispositivos de la familia GE Vernova UR IED permite que un usuario autenticado instale un firmware modificado. La verificaci\u00f3n de la firma del firmware se aplica \u00fanicamente en el software dedicado del lado del cliente Enervista UR Setup, lo que permite omitir la comprobaci\u00f3n de integraci\u00f3n."}], "id": "CVE-2025-27257", "lastModified": "2025-03-12T12:15:15.187", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.9, "impactScore": 5.2, "source": "prodsec@nozominetworks.com", "type": "Secondary"}]}, "published": "2025-03-10T09:15:11.613", "references": [{"source": "prodsec@nozominetworks.com", "url": "https://www.gevernova.com/grid-solutions/app/DownloadFile.aspx?prod=urfamily&type=21&file=76"}, {"source": "prodsec@nozominetworks.com", "url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-27257"}], "sourceIdentifier": "prodsec@nozominetworks.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-345"}], "source": "prodsec@nozominetworks.com", "type": "Secondary"}]}

{}