How to fix CVE-2025-27253?

Within 30 days: Identify affected systems running GE Vernova UR IED family devices from and apply vendor patches as part of regular patch cycle. Monitor vendor channels for patch availability.

Is GE Vernova UR IED affected by CVE-2025-27253?

Organizations using GE Vernova UR IED family devices from should be aware of moderate risk from CVE-2025-27253 rated CVSS 6.1. Exploitation could compromise the security of affected deployments. Organizations should apply vendor updates when available and monitor for exploitation.

GE Vernova UR IED CVE-2025-27253

MEDIUM

External Control of System or Configuration Setting (CWE-15)

2025-03-10 [email protected]

Authentication Bypass

6.1

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L

Attack Vector

Adjacent

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Changed

Confidentiality

Low

Integrity

None

Availability

Low

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 19:50 vuln.today

CVE Published

Mar 10, 2025 - 09:15 nvd

MEDIUM 6.1

DescriptionNVD

A CWE-15 "External Control of System or Configuration Setting" in GE Vernova UR IED family devices from version 7.0 up to 8.60 allows an attacker to provide input that establishes a TCP connection through a port forwarding. The lack of the IP address and port validation may allow the attacker to bypass firewall rules or to send malicious traffic in the network.

AnalysisAI

GE Vernova UR IED devices (versions 7.0-8.60) have a flaw that lets attackers control network settings without proper validation, specifically allowing them to set up unauthorized port forwarding connections. This could let an attacker bypass firewall protections and send harmful traffic across the network. The vulnerability affects industrial control systems used in power generation and distribution environments.

Technical ContextAI

affects in GE Vernova UR IED family devices from version 7.0. A CWE-15 "External Control of System or Configuration Setting" in GE Vernova UR IED family devices from version 7.0 up to 8.60 allows an attacker to provide input that establishes a TCP connection through a port forwarding. The lack of the IP address and port validation may allow the attacker to bypass firewall rules or to send malicious traffic in the network.

Affected ProductsAI

Product: in GE Vernova UR IED family devices from version 7.0. Versions: up to 8.60.

RemediationAI

Monitor vendor advisories for a patch.

CVE-2025-27253 vulnerability details – vuln.today

Back

GE Vernova UR IED CVE-2025-27253

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Technical ContextAI

Affected ProductsAI

RemediationAI

Share

External POC / Exploit Code