Auth bypass in Solax Power Cloud
CVE-2025-36756
A problem with missing authorization on SolaX Cloud platform allows taking over any SolaX solarpanel inverter of which the serial number is known.
Vulnerability class: Broken Authentication
EPSS: 0.003 (16.8th percentile) — read the EPSS interpretation.
Affected products
- Solax Power Cloud — versions before 27-06-2025
Weakness classification (CWE)
References
- csirt@divd.nl (third-party-advisory)
- csirt@divd.nl (third-party-advisory)