Missing Authorization Vulnerability in SolaX Cloud Platform
CVE-2025-36756

5.8MEDIUM

Key Information:

Vendor: Solax Power
Status: Solax Cloud
Vendor: CVE Published:; 10 September 2025

🔔 Create Solax Power Vulnerability Alert

What is CVE-2025-36756?

The SolaX Cloud platform is vulnerable due to a missing authorization flaw that allows an attacker to take control of any SolaX solar panel inverter, provided they have knowledge of the inverter's serial number. This vulnerability exposes users to risks, as unauthorized individuals can manipulate inverter settings or access sensitive information. Prompt measures should be taken to mitigate the risks associated with this security lapse.

Affected Version(s)

SolaX Cloud before 27-06-2025

References

https://csirt.divd.nl/CVE-2025-36756

third-party-advisory

https://csirt.divd.nl/DIVD-2025-00015

third-party-advisory

CVSS V4

Score:

5.8

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 10, 2025
Vulnerability Reserved
Apr 15, 2025

Credit

Humza Ahmad

Max van der Horst