Authentication Bypass Vulnerability in SolaX Cloud by SolaX Power
CVE-2025-36758

6.3MEDIUM

Key Information:

Vendor: Solax Power
Status: Solax Cloud
Vendor: CVE Published:; 10 September 2025

🔔 Create Solax Power Vulnerability Alert

What is CVE-2025-36758?

The SolaX Cloud platform contains a vulnerability that allows unauthorized users to bypass authentication controls through the misuse of the 'Forgot Password' feature. This flaw can potentially enable attackers to gain unwarranted access to user accounts, posing a significant risk to the integrity of user data and the overall security of the platform. Immediate action is advised to mitigate the risks associated with this vulnerability.

Affected Version(s)

SolaX Cloud before 27-06-2025

References

https://csirt.divd.nl/CVE-2025-36758

third-party-advisory

https://csirt.divd.nl/DIVD-2025-00015

third-party-advisory

CVSS V4

Score:

6.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 10, 2025
Vulnerability Reserved
Apr 15, 2025

Credit

Humza Ahmad

Max van der Horst