Broken Access Control in SolisCloud API Affects User Data Accessibility
CVE-2025-13932

8.3HIGH

Key Information:

Vendor: Soliscloud
Status: Monitoring Platform (cloud Api & Device Control Api)
Vendor: CVE Published:; 4 December 2025

What is CVE-2025-13932?

The SolisCloud API is vulnerable to a Broken Access Control issue, specifically an Insecure Direct Object Reference (IDOR). This flaw enables authenticated users to manipulate the 'plant_id' parameter in requests, granting them unauthorized access to sensitive information related to any plant. The misuse of this vulnerability can lead to significant privacy breaches and data integrity risks.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Monitoring Platform (Cloud API & Device Control API) API v1

Monitoring Platform (Cloud API & Device Control API) API v2

References

https://www.cisa.gov/news-events/ics-advisories/icsa-25-3...

government-resource

CVSS V4

Score:

8.3

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Timeline

Vulnerability published
Dec 4, 2025
Vulnerability Reserved
Dec 2, 2025

Credit

James Gallagher (@5G)

JSON

Soliscloud

What is CVE-2025-13932?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V4

Timeline

Credit

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.