### [CVE-2025-27253](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27253)
![](https://img.shields.io/static/v1?label=Product&message=B30%20Multilin&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=B90%20Multilin&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=C30%20Multilin&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=C60%20Multilin&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=C70%20Multilin&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=C95%20Multilin&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=D30%20Multilin&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=D60%20Multilin&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=F35%20Multilin&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=F60%20Multilin&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=G30%20Multilin&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=G60%20Multilin&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=L30%20Multilin&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=L60%20Multilin&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=L90%20Multilin&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=M60%20Multilin&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=N60%20multilin&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=T35%20Multilin&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=T60%20Multilin&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=7.0%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-20%20Improper%20Input%20Validation&color=brightgreen)

### Description

An improper input validation in GE Vernova UR IED family devices from version 7.0 up to 8.60 allows an attacker to provide input that enstablishes a TCP connection through a port forwarding. The lack of the IP address and port validation may allow the attacker to bypass firewall rules or to send malicious traffic in the network

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/fkie-cad/nvd-json-data-feeds