Vulnerability in Solax Power Cloud
CVE-2025-36758
It is possible to bypass the clipping level of authentication attempts in SolaX Cloud through the use of the 'Forgot Password' functionality as an oracle.
EPSS: 0.005 (37.5th percentile) — read the EPSS interpretation.
Affected products
- Solax Power Cloud — versions before 27-06-2025
Weakness classification (CWE)
References
- csirt@divd.nl (third-party-advisory)
- csirt@divd.nl (third-party-advisory)