Privilege Escalation Flaw in Tigo Energy's Cloud Connect Advanced Device
CVE-2025-7768

9.3CRITICAL

Key Information:

Vendor: Tigo Energy
Status: Cloud Connect Advanced
Vendor: CVE Published:; 6 August 2025

🔔 Create Tigo Energy Vulnerability Alert

What is CVE-2025-7768?

The Tigo Energy Cloud Connect Advanced (CCA) device features hard-coded credentials that create a security vulnerability, allowing unauthorized users to gain administrative access. This can lead to privilege escalation, enabling attackers to take complete control of the device. With this level of access, they can alter system configurations, disrupt solar energy production, and undermine critical safety mechanisms, posing significant risks to the operation and integrity of the energy management system.

Affected Version(s)

Cloud Connect Advanced 0 <= 4.0.1

References

https://www.cisa.gov/news-events/ics-advisories/icsa-25-2...

government-resource

CVSS V4

Score:

9.3

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 6, 2025
Vulnerability Reserved
Jul 17, 2025

Credit

Anthony Rose and Jacob Krasnov of BC Security and Peter Kariuki of Ovanova