Cyber Posture

CVE-2025-27255

High

Published: 10 March 2025

Modified: 15 April 2026
CVSS Score: 8.0 (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H)
EPSS Score: 0.0004 (12.0th percentile)
Risk Priority: 16 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-27255 is a high-severity Use of Hard-coded Credentials (CWE-798) vulnerability in GE Vernova (inferred from references). Its CVSS base score is 8.0 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks at the 12.0th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 IA-5 (Authenticator Management) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation for Privilege Escalation (T1068).

What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

prevent

SI-2 requires timely identification, reporting, testing, and correction of system flaws, directly mitigating this CVE via vendor-provided patches that eliminate the hardcoded credential.

prevent

IA-5 mandates protection of authenticators from unauthorized disclosure and modification while prohibiting default or easily retrievable credentials, which covers the hardcoded password used to encrypt the local user database.

detect

RA-5 requires vulnerability scanning to identify issues like this hardcoded credential vulnerability, enabling detection and prioritization for remediation.

MITRE ATT&CK Enterprise Techniques

T1068 Exploitation for Privilege Escalation (tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

Why these techniques?

The vulnerability directly enables local privilege escalation by allowing retrieval of the hardcoded encryption key via code analysis to decrypt the user database and gain higher privileges.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

Use of Hard-coded Credentials vulnerability in GE Vernova EnerVista UR Setup allows Privilege Escalation. The local user database is encrypted using a hardcoded password retrievable by an attacker analyzing the application code.

Deeper analysis

CVE-2025-27255, published on 2025-03-10, is a Use of Hard-coded Credentials vulnerability (CWE-798) in GE Vernova's EnerVista UR Setup software. The issue allows privilege escalation because the local user database is encrypted using a hardcoded password that an attacker can retrieve by analyzing the application code. It carries a CVSS v3.1 base score of 8.0 (AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H), reflecting high severity due to low attack complexity, no required privileges, and significant impacts on integrity and availability.

An attacker with local access to the affected system can exploit this vulnerability without needing user privileges or interaction. By examining the application code, the attacker retrieves the hardcoded password, decrypts the local user database, and escalates privileges. This results in low confidentiality impact but high integrity and availability disruption.

Advisories from GE Vernova (https://www.gevernova.com/grid-solutions/app/DownloadFile.aspx?prod=urfamily&type=21&file=76) and Nozomi Networks (https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-27255) provide details on mitigation and patches for this vulnerability.

Details

CWE(s): CWE-798 (Use of Hard-coded Credentials)

Affected Products

GE Vernova (inferred from references and description; NVD did not file a CPE for this CVE)

CVEs Like This One

CVE-2025-49551 (shared CWE-798)
CVE-2024-53356 (shared CWE-798)
CVE-2025-33222 (shared CWE-798)
CVE-2026-28778 (shared CWE-798)
CVE-2026-28776 (shared CWE-798)
CVE-2024-53357 (shared CWE-798)
CVE-2026-24346 (shared CWE-798)
CVE-2025-27643 (shared CWE-798)
CVE-2025-35451 (shared CWE-798)
CVE-2025-40537 (shared CWE-798)
