CVE-2025-9038 HIGH

CVE-2025-9038: S1 Agile Privilege Escalation

Vendor Ge Vernova

Product S1 Agile Configuration Software

Weakness CWE-269

Published September 22, 2025

Last update September 24, 2025

View on NVD All CVEs

CVSS base score

7.5/10

Attack vector Local

Attack complexity High

Privileges required None

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/S:N

What the vulnerability does

01Description

Improper Privilege Management vulnerability in GE Vernova S1 Agile Configuration Software on Windows allows Privilege Escalation.This issue affects S1 Agile Configuration Software: 3.1 and previous version.

Key dates

02Disclosure timeline

September 22, 2025 CVE published

September 24, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-9038 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/269.html

Related vulnerabilities

04Related CVE

CVE-2023-24509 On affected modular platforms running Arista EOS equipped with both redundant supervisor modules and having the redundancy protocol configured with RPR or SSO, an existing unprivileged user can login to the standby supervisor as a root user, leading t ... CVE-2020-13516 CVE-2017-12728 CVE-2026-27198 Formwork Improperly Manages Privileges During User Creation CVE-2026-22043 RustFS has IAM deny_only Short-Circuit that Allows Privilege Escalation via Service Account Minting

Identifiers

CVE CVE-2025-9038

CWE CWE-269

CVSS 7.5 / HIGH

Affected versions

Vendor Ge Vernova

Product S1 Agile Configuration Software

Affected 3.1 and previous version