Vulnerability in Solaredge Se3680h
CVE-2025-36744
SolarEdge SE3680H has unauthenticated disclosure of sensitive information during the bootloader loop. While the device repeatedly initializes and waits for boot instructions, the bootloader emits diagnostic output this behavior can leak op…
EPSS: 0.001 (3.4th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 2.4 (Low). Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N.
Affected products
- Solaredge Se3680h — versions 4.0
- Solaredge Se3680h_firmware
References
- csirt@divd.nl (Third Party Advisory, third-party-advisory)
- csirt@divd.nl (Broken Link, third-party-advisory)
Frequently asked questions
- What is CVE-2025-36744?
- CVE-2025-36744 is a low-severity vulnerability in Solaredge Se3680h, classified under CWE-1295: DEBUG MESSAGES REVEALING UNNECESSARY INFORMATION. CVSS score: 2.4/10. Published 2025-12-12.
- How severe is CVE-2025-36744?
- Low severity. CVSS v3 base score is 2.4 out of 10.