CVE-2025-3222 - OpenCVE

Improper Authentication vulnerability in GE Vernova Smallworld on Windows, Linux allows Authentication Abuse.This issue affects Smallworld: 5.3.3 and prior versions for Linux, and 5.3.4. and prior versions for Windows.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable yes

Technical Impact total

No data.

No data.

No data.

References

Link	Providers
https://www.gevernova.com/content/dam/cyber_security/global/en_US/pdfs/SecurityAdvisory_ImproperAuthentication_SWMFS.pdf

History

Fri, 07 Nov 2025 20:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Fri, 07 Nov 2025 16:45:00 +0000

Type	Values Removed	Values Added
Description		Improper Authentication vulnerability in GE Vernova Smallworld on Windows, Linux allows Authentication Abuse.This issue affects Smallworld: 5.3.3 and prior versions for Linux, and 5.3.4. and prior versions for Windows.
Title		Smallworld SWMFS Improper Authentication
Weaknesses		CWE-287
References		https://www.gevernova.com/content/dam/cyber_security/global/en_US/pdfs/SecurityAdvisory_ImproperAuthentication_SWMFS.pdf
Metrics		cvssV4_0 `{'score': 9.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}`

MITRE

Status: PUBLISHED

Assigner: GE_Vernova

Published: 2025-11-07T16:28:45.217Z

Updated: 2025-11-07T19:17:12.529Z

Reserved: 2025-04-03T13:47:11.155Z

Link: CVE-2025-3222

Vulnrichment

Updated: 2025-11-07T19:17:09.727Z

NVD

Status : Received

Published: 2025-11-07T17:15:47.500

Modified: 2025-11-07T17:15:47.500

Link: CVE-2025-3222

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-3222", "assignerOrgId": "2cf0fb33-79e2-44e0-beb8-826cc5ce3250", "state": "PUBLISHED", "assignerShortName": "GE_Vernova", "dateReserved": "2025-04-03T13:47:11.155Z", "datePublished": "2025-11-07T16:28:45.217Z", "dateUpdated": "2025-11-07T19:17:12.529Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["Windows", "Linux"], "product": "Smallworld", "vendor": "GE Vernova", "versions": [{"status": "affected", "version": "5.3.3", "versionType": "Linux"}, {"status": "affected", "version": "5.3.4", "versionType": "Windows"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Theo Gobinet"}, {"lang": "en", "type": "finder", "value": "Azael Martin"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Improper Authentication vulnerability in GE Vernova Smallworld on Windows, Linux allows Authentication Abuse.<p>This issue affects Smallworld: 5.3.3 and prior versions for Linux, and 5.3.4. and prior versions for Windows.</p>"}], "value": "Improper Authentication vulnerability in GE Vernova Smallworld on Windows, Linux allows Authentication Abuse.This issue affects Smallworld: 5.3.3 and prior versions for Linux, and 5.3.4. and prior versions for Windows."}], "impacts": [{"capecId": "CAPEC-114", "descriptions": [{"lang": "en", "value": "CAPEC-114 Authentication Abuse"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 9.3, "baseSeverity": "CRITICAL", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-287", "description": "CWE-287 Improper Authentication", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "2cf0fb33-79e2-44e0-beb8-826cc5ce3250", "shortName": "GE_Vernova", "dateUpdated": "2025-11-07T16:28:45.217Z"}, "references": [{"url": "https://www.gevernova.com/content/dam/cyber_security/global/en_US/pdfs/SecurityAdvisory_ImproperAuthentication_SWMFS.pdf"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "GE Vernova recommends that users upgrade to the appropriate non-affected version listed above in accordance with their use case and architecture as this is the most complete method to address the Vulnerability.<br><br>Also, users are strongly advised to follow the SDG instructions. The complete SDG can be found in the Smallworld Documentation.<br><br>To obtain the latest version of SWMFS, please contact your local support representative at Customer Center.<br><br>"}], "value": "GE Vernova recommends that users upgrade to the appropriate non-affected version listed above in accordance with their use case and architecture as this is the most complete method to address the Vulnerability.\n\nAlso, users are strongly advised to follow the SDG instructions. The complete SDG can be found in the Smallworld Documentation.\n\nTo obtain the latest version of SWMFS, please contact your local support representative at Customer Center."}], "source": {"discovery": "UNKNOWN"}, "title": "Smallworld SWMFS Improper Authentication", "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-11-07T19:17:06.399847Z", "id": "CVE-2025-3222", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-11-07T19:17:12.529Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-3222", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-11-07T19:17:06.399847Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-11-07T19:17:09.727Z"}}], "cna": {"title": "Smallworld SWMFS Improper Authentication", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Theo Gobinet"}, {"lang": "en", "type": "finder", "value": "Azael Martin"}], "impacts": [{"capecId": "CAPEC-114", "descriptions": [{"lang": "en", "value": "CAPEC-114 Authentication Abuse"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 9.3, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "GE Vernova", "product": "Smallworld", "versions": [{"status": "affected", "version": "5.3.3", "versionType": "Linux"}, {"status": "affected", "version": "5.3.4", "versionType": "Windows"}], "platforms": ["Windows", "Linux"], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "GE Vernova recommends that users upgrade to the appropriate non-affected version listed above in accordance with their use case and architecture as this is the most complete method to address the Vulnerability.\n\nAlso, users are strongly advised to follow the SDG instructions. The complete SDG can be found in the Smallworld Documentation.\n\nTo obtain the latest version of SWMFS, please contact your local support representative at Customer Center.", "supportingMedia": [{"type": "text/html", "value": "GE Vernova recommends that users upgrade to the appropriate non-affected version listed above in accordance with their use case and architecture as this is the most complete method to address the Vulnerability.<br><br>Also, users are strongly advised to follow the SDG instructions. The complete SDG can be found in the Smallworld Documentation.<br><br>To obtain the latest version of SWMFS, please contact your local support representative at Customer Center.<br><br>", "base64": false}]}], "references": [{"url": "https://www.gevernova.com/content/dam/cyber_security/global/en_US/pdfs/SecurityAdvisory_ImproperAuthentication_SWMFS.pdf"}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "Improper Authentication vulnerability in GE Vernova Smallworld on Windows, Linux allows Authentication Abuse.This issue affects Smallworld: 5.3.3 and prior versions for Linux, and 5.3.4. and prior versions for Windows.", "supportingMedia": [{"type": "text/html", "value": "Improper Authentication vulnerability in GE Vernova Smallworld on Windows, Linux allows Authentication Abuse.<p>This issue affects Smallworld: 5.3.3 and prior versions for Linux, and 5.3.4. and prior versions for Windows.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-287", "description": "CWE-287 Improper Authentication"}]}], "providerMetadata": {"orgId": "2cf0fb33-79e2-44e0-beb8-826cc5ce3250", "shortName": "GE_Vernova", "dateUpdated": "2025-11-07T16:28:45.217Z"}}}, "cveMetadata": {"cveId": "CVE-2025-3222", "state": "PUBLISHED", "dateUpdated": "2025-11-07T19:17:12.529Z", "dateReserved": "2025-04-03T13:47:11.155Z", "assignerOrgId": "2cf0fb33-79e2-44e0-beb8-826cc5ce3250", "datePublished": "2025-11-07T16:28:45.217Z", "assignerShortName": "GE_Vernova"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Improper Authentication vulnerability in GE Vernova Smallworld on Windows, Linux allows Authentication Abuse.This issue affects Smallworld: 5.3.3 and prior versions for Linux, and 5.3.4. and prior versions for Windows."}], "id": "CVE-2025-3222", "lastModified": "2025-11-07T17:15:47.500", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 9.3, "baseSeverity": "CRITICAL", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "[email protected]", "type": "Secondary"}]}, "published": "2025-11-07T17:15:47.500", "references": [{"source": "[email protected]", "url": "https://www.gevernova.com/content/dam/cyber_security/global/en_US/pdfs/SecurityAdvisory_ImproperAuthentication_SWMFS.pdf"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "[email protected]", "type": "Secondary"}]}