Auth bypass in Sungrow Isolarcloud

CVE-2025-29756

SunGrow's back end users system iSolarCloud https://isolarcloud.com  uses an MQTT service to transport data from the user's connected devices to the user's web browser.  The MQTT server however did not have sufficient restrictions in plac…

Vulnerability class: Broken Access Control

EPSS: 0.002 (10.9th percentile) — read the EPSS interpretation.

Affected products

Weakness classification (CWE)

References