Missing Authorization Vulnerability in SolaX Cloud Platform
CVE-2025-36756

5.8MEDIUM

Key Information:

Vendor: Solax Power
Status: Solax Cloud
Vendor: CVE Published:; 10 September 2025

🔔 Create Solax Power Vulnerability Alert

What is CVE-2025-36756?

The SolaX Cloud platform is vulnerable due to a missing authorization flaw that allows an attacker to take control of any SolaX solar panel inverter, provided they have knowledge of the inverter's serial number. This vulnerability exposes users to risks, as unauthorized individuals can manipulate inverter settings or access sensitive information. Prompt measures should be taken to mitigate the risks associated with this security lapse.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

SolaX Cloud before 27-06-2025

References

https://csirt.divd.nl/CVE-2025-36756

third-party-advisory

https://csirt.divd.nl/DIVD-2025-00015

third-party-advisory

CVSS V4

Score:

5.8

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

None

Timeline

Vulnerability published
Sep 10, 2025
Vulnerability Reserved
Apr 15, 2025

Credit

Humza Ahmad

Max van der Horst

JSON

Solax Power

What is CVE-2025-36756?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V4

Timeline

Credit

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.