CVE-2025-27254
Published: 10 March 2025
Summary
CVE-2025-27254 is a high-severity Improper Ownership Management (CWE-282) vulnerability in GE Vernova (inferred from references). Its CVSS base score is 8.0 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Modify Registry (T1112). The CVE is ranked at the 1.1th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
Requires establishing and enforcing secure configuration settings for the Windows registry key to prevent any user from modifying the startup authentication disablement.
Enforces approved access authorizations on the registry setting, directly addressing improper ownership management that allows unauthorized modifications.
Applies least privilege to restrict modifications of critical registry settings controlling authentication to only authorized users or processes.
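One way to check these controls on a workstation, as an added example that is not taken from the GE Vernova or Nozomi Networks advisories: the script below reports the owner of a registry key and every allow ACE that grants write-type rights to a principal outside a trusted list. The key path is a placeholder because this page does not name the affected key, and the trusted SID list is an assumption to adjust per site.

```powershell
# Added example: audit a registry key for non-administrative owners and writers.
# $KeyPath is a PLACEHOLDER; take the real key from the vendor advisory.
param([string]$KeyPath = 'HKLM:\SOFTWARE\<PLACEHOLDER-VENDOR>\<PLACEHOLDER-KEY>')

$SidType = [System.Security.Principal.SecurityIdentifier]

# Rights that allow changing values, restructuring the key, or taking it over.
$WriteMask = [int][System.Security.AccessControl.RegistryRights]'SetValue, CreateSubKey, Delete, ChangePermissions, TakeOwnership'
# ACEs can also carry raw generic bits: GENERIC_WRITE and GENERIC_ALL.
$WriteMask = $WriteMask -bor 0x40000000 -bor 0x10000000

# Principals expected to hold write access (assumption, adjust per site).
$Trusted = @(
    'S-1-5-18',      # NT AUTHORITY\SYSTEM
    'S-1-5-32-544',  # BUILTIN\Administrators
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'  # TrustedInstaller
)

function Get-WeakRegistryAce {
    param(
        [System.Security.AccessControl.RegistrySecurity]$Acl,
        [string[]]$TrustedSids,
        [int]$Mask
    )
    # Explicit and inherited rules, with identities returned as SIDs.
    foreach ($rule in $Acl.GetAccessRules($true, $true, $SidType)) {
        if ($rule.AccessControlType -ne 'Allow') { continue }
        if ($TrustedSids -contains $rule.IdentityReference.Value) { continue }
        if (([int]$rule.RegistryRights -band $Mask) -eq 0) { continue }
        [pscustomobject]@{
            Sid       = $rule.IdentityReference.Value
            Rights    = $rule.RegistryRights
            Inherited = $rule.IsInherited
        }
    }
}

if (-not (Test-Path -LiteralPath $KeyPath)) {
    Write-Warning "Key not found: $KeyPath"
    return
}

$acl   = Get-Acl -LiteralPath $KeyPath
$owner = $acl.GetOwner($SidType).Value
if ($Trusted -notcontains $owner) {
    Write-Warning "Key is owned by an untrusted principal: $owner"
}
Get-WeakRegistryAce -Acl $acl -TrustedSids $Trusted -Mask $WriteMask | Format-Table -AutoSize
```

Any row in the output, for example one for `S-1-5-32-545` (BUILTIN\Users) or `S-1-5-11` (Authenticated Users), means the key does not meet the access enforcement and least privilege controls described above.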
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability allows any local user to modify a Windows registry key controlling startup authentication, directly enabling the Modify Registry technique to bypass the software's authentication mechanism.
NVD Description
CWE-282 "Improper Ownership Management" in GE Vernova EnerVista UR Setup allows Authentication Bypass. The software's startup authentication can be disabled by altering a Windows registry setting that any user can modify.
Deeper analysis
CVE-2025-27254, published on 2025-03-10, is a CWE-282 Improper Ownership Management vulnerability in GE Vernova EnerVista UR Setup software. The issue enables authentication bypass because the software's startup authentication can be disabled by altering a Windows registry setting that any user can modify. It carries a CVSS v3.1 base score of 8.0 (AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H).
A local attacker requires no privileges and can exploit the vulnerability with low attack complexity and no user interaction. By modifying the accessible Windows registry setting, the attacker disables startup authentication, leading to low confidentiality impact alongside high integrity and availability impacts on the affected software.
Advisories from GE Vernova and Nozomi Networks provide details on mitigation and patches, accessible at https://www.gevernova.com/grid-solutions/app/DownloadFile.aspx?prod=urfamily&type=21&file=76 and https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-27254.
Details
- CWE(s)