Security Advisory

CVE-2025-27257

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-03-10 09:05:34
Last updated 2025-03-12 11:10:57
Assigner Nozomi
State PUBLISHED

Description

Insufficient Verification of Data Authenticity vulnerability in GE Vernova UR IED family devices allows an authenticated user to install a modified firmware. The firmware signature verification is enforced only on the client-side dedicated software Enervista UR Setup, allowing the integration check to be bypassed.