Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited

CVE-2025-30514
Growatt Cloud portal Authorization Bypass Through User-Controlled Key
Description: Unauthenticated attackers can obtain restricted information about a user's smart device collections (i.e., "scenes").

CVSS: MEDIUM (6.9)

EPSS Score: 0.04%

Source: CVE
April 15th, 2025 (4 days ago)

CVE-2025-30512
Growatt Cloud portal External Control of System or Configuration Setting
Description: Unauthenticated attackers can send configuration settings to device and possible perform physical actions remotely (e.g., on/off).

CVSS: MEDIUM (6.9)

EPSS Score: 0.05%

Source: CVE
April 15th, 2025 (4 days ago)

CVE-2025-30257
Growatt Cloud portal Authorization Bypass Through User-Controlled Key
Description: Unauthenticated attackers can retrieve serial number of smart meters associated to a specific user account.

CVSS: MEDIUM (6.9)

EPSS Score: 0.03%

Source: CVE
April 15th, 2025 (4 days ago)

CVE-2025-27939
Growatt Cloud portal Authorization Bypass Through User-Controlled Key
Description: An attacker can change registered email addresses of other users and take over arbitrary accounts.

CVSS: MEDIUM (6.9)

EPSS Score: 0.03%

Source: CVE
April 15th, 2025 (4 days ago)

CVE-2025-27938
Growatt Cloud portal Authorization Bypass Through User-Controlled Key
Description: Unauthenticated attackers can obtain restricted information about a user's smart device collections (i.e., "rooms").

CVSS: MEDIUM (6.9)

EPSS Score: 0.03%

Source: CVE
April 15th, 2025 (4 days ago)

CVE-2025-27927
Growatt Cloud portal Authorization Bypass Through User-Controlled Key
Description: An unauthenticated attackers can obtain a list of smart devices by knowing a valid username through an unprotected API.

CVSS: MEDIUM (6.9)

EPSS Score: 0.03%

Source: CVE
April 15th, 2025 (4 days ago)

CVE-2025-27719
Growatt Cloud portal Authorization Bypass Through User-Controlled Key
Description: Unauthenticated attackers can query an API endpoint and get device details.

CVSS: MEDIUM (6.9)

EPSS Score: 0.04%

Source: CVE
April 15th, 2025 (4 days ago)

CVE-2025-27575
Growatt Cloud portal Authorization Bypass Through User-Controlled Key
Description: An unauthenticated attacker can obtain EV charger version and firmware upgrading history by knowing the charger ID.

CVSS: MEDIUM (6.9)

EPSS Score: 0.04%

Source: CVE
April 15th, 2025 (4 days ago)

CVE-2025-27565
Growatt Cloud portal Authorization Bypass Through User-Controlled Key
Description: An unauthenticated attacker can delete any user's "rooms" by knowing the user's and room IDs.

CVSS: MEDIUM (6.9)

EPSS Score: 0.05%

Source: CVE
April 15th, 2025 (4 days ago)

CVE-2025-27561
Growatt Cloud portal Authorization Bypass Through User-Controlled Key
Description: Unauthenticated attackers can rename "rooms" of arbitrary users.

CVSS: MEDIUM (6.9)

EPSS Score: 0.04%

Source: CVE
April 15th, 2025 (4 days ago)