Information Disclosure Vulnerability in Smart Home Device Management
CVE-2025-31654

6.9MEDIUM

Key Information:

Vendor: Growatt
Status: Cloud Portal
Vendor: CVE Published:; 15 April 2025

Summary

A security vulnerability exists within the smart home device management framework, allowing unauthorized attackers to access sensitive information regarding user groups and associated devices, commonly referred to as 'rooms'. This breach could lead to a compromised user privacy and potential exploitation of the system, requiring urgent attention to bolster the security measures in place.

Affected Version(s)

Cloud portal 0 < 3.6.0

References

https://www.cisa.gov/news-events/ics-advisories/icsa-25-1...

CVSS V4

Score:

6.9

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Timeline

Vulnerability published
Apr 15, 2025
Vulnerability Reserved
Apr 1, 2025

Credit

Forescout Technologies reported these vulnerabilities to CISA.