Sensitive Information Leak in SolaX Cloud by SolaX Technologies
CVE-2025-36759

8.7HIGH

Key Information:

Vendor: Solax Power
Status: Solax Cloud
Vendor: CVE Published:; 10 September 2025

🔔 Create Solax Power Vulnerability Alert

What is CVE-2025-36759?

A vulnerability in SolaX Cloud enables the disclosure of sensitive user information, such as email addresses and phone numbers. By suggesting similar user accounts based on provided usernames, the cloud service inadvertently reveals personal identifiable information (PII). This flaw poses significant risks to user privacy, potentially leading to phishing attacks and unauthorized access.

Affected Version(s)

SolaX Cloud before 27-06-2025

References

https://csirt.divd.nl/CVE-2025-36759

third-party-advisory

https://csirt.divd.nl/DIVD-2025-00015

third-party-advisory

CVSS V4

Score:

8.7

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 10, 2025
Vulnerability Reserved
Apr 15, 2025

Credit

Humza Ahmad

Max van der Horst