Auth bypass in Solax Power Cloud

CVE-2025-36756

A problem with missing authorization on SolaX Cloud platform allows taking over any SolaX solarpanel inverter of which the serial number is known.

Vulnerability class: Broken Authentication

EPSS: 0.003 (16.8th percentile) — read the EPSS interpretation.

Affected products

Weakness classification (CWE)

References