Information disclosure in Solax Power Cloud
CVE-2025-36759
Through the provision of user names, SolaX Cloud will suggest (similar) user accounts and thereby leak sensitive information such as user email addresses and phone numbers.
Vulnerability class: Information Disclosure
EPSS: 0.003 (22.9th percentile) — read the EPSS interpretation.
Affected products
- Solax Power Cloud — versions before 27-06-2025
Weakness classification (CWE)
References
- csirt@divd.nl (third-party-advisory)
- csirt@divd.nl (third-party-advisory)