Information Disclosure Vulnerability in Sunny Portal by SolarWinds
CVE-2025-41685

6.5MEDIUM

Key Information:

Vendor: Sma
Status: Ennexos.sunnyportal.com
Vendor: CVE Published:; 19 August 2025

What is CVE-2025-41685?

A vulnerability has been identified in Sunny Portal that allows a low-privileged remote attacker to gain unauthorized access to the usernames of registered users. This can be exploited by simply inputting the email addresses of targeted users, thereby compromising personal information and potentially leading to further attacks.

Affected Version(s)

ennexos.sunnyportal.com 0 < 15.08.2025

References

https://certvde.com/en/advisories/VDE-2025-050

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 19, 2025
Vulnerability Reserved
Apr 16, 2025

Credit

Jannik Zimmer