Unauthorized Device Hijacking in Affected Portal by Vendor
CVE-2025-41645

8.6HIGH

Key Information:

Vendor: Sma
Status: Www.sunnyportal.com
Vendor: CVE Published:; 13 May 2025

What is CVE-2025-41645?

A remote attacker can exploit a flaw in the vendor’s portal by leveraging a demo account. This vulnerability enables unauthorized access to devices mistakenly created under that account, potentially allowing the attacker to hijack them and manipulate their settings or operations.

Affected Version(s)

www.sunnyportal.com 0 < 20.02.2025

References

https://cert.vde.com/en/advisories/VDE-2025-010

CVSS V3.1

Score:

8.6

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 13, 2025
Vulnerability Reserved
Apr 16, 2025

Credit

Jannik Zimmer

Sma

What is CVE-2025-41645?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit