CVE-2025-27254
Published: 10 March 2025
Description
Adversaries may interact with the Windows Registry as part of a variety of other techniques to aid in defense evasion, persistence, and execution.
Security Summary
CVE-2025-27254, published on 2025-03-10, is a CWE-282 Improper Ownership Management vulnerability in GE Vernova EnerVista UR Setup software. The issue enables authentication bypass because the software's startup authentication can be disabled by altering a Windows registry setting that any user can modify. It carries a CVSS v3.1 base score of 8.0 (AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H).
A local attacker requires no privileges and can exploit the vulnerability with low attack complexity and no user interaction. By modifying the accessible Windows registry setting, the attacker disables startup authentication, leading to low confidentiality impact alongside high integrity and availability impacts on the affected software.
Advisories from GE Vernova and Nozomi Networks provide details on mitigation and patches, accessible at https://www.gevernova.com/grid-solutions/app/DownloadFile.aspx?prod=urfamily&type=21&file=76 and https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-27254.
Details
- CWE(s)
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability allows any local user to modify a Windows registry key controlling startup authentication, directly enabling the Modify Registry technique to bypass the software's authentication mechanism.