PatchSiren cyber security CVE debrief

CVE-2025-24297 Growatt CVE debrief

CVE-2025-24297 is a critical flaw in Growatt’s cloud portal caused by missing server-side input validation. CISA’s advisory says attackers can inject malicious JavaScript into users’ personal spaces in the web portal, which aligns with a high-impact web injection/XSS-style issue. The advisory was first published on 2025-04-15 and later revised on 2025-05-06 for typo fixes only. Growatt states the cloud-based vulnerabilities were patched and that no user action is needed, while also recommending standard account and security hygiene.
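The root cause described above is user-supplied content that is stored without server-side validation and later rendered into pages other users see. The following Python sketch is an added example for this debrief, not code from Growatt's portal or from the CISA advisory: it contrasts a vulnerable write/read path (store as received, interpolate into HTML verbatim) with a hardened one (allow-list check on the server at write time, HTML encoding at render time). The in-memory profile store, the display-name policy and the sample inputs are all constructed for illustration.

```python
import html
import re

# Constructed stand-in for a portal's "personal space" storage.
# Hypothetical; the real portal's data model is not described on the page.
_profiles: dict[str, str] = {}

# Assumed server-side policy for a display name: letters, digits, spaces and a
# few punctuation marks, bounded length. Anything else is rejected.
_DISPLAY_NAME_RE = re.compile(r"^[A-Za-z0-9 .,'_-]{1,64}$")


def save_display_name_unvalidated(user_id: str, value: str) -> None:
    """Vulnerable pattern: whatever the client sends is stored as-is.
    Checks that live only in browser JavaScript are skipped by sending the
    request directly, so the server cannot rely on them."""
    _profiles[user_id] = value


def render_profile_unescaped(user_id: str) -> str:
    """Vulnerable pattern: the stored value is interpolated into HTML verbatim,
    so stored markup (including <script>) reaches other users' browsers."""
    return f"<div class='profile'>{_profiles[user_id]}</div>"


def save_display_name_validated(user_id: str, value: str) -> bool:
    """Hardened write path: enforce the allow-list on the server regardless of
    what the client did. Returns True only if the value was stored."""
    if not _DISPLAY_NAME_RE.fullmatch(value):
        return False
    _profiles[user_id] = value
    return True


def render_profile_escaped(user_id: str) -> str:
    """Hardened read path: HTML-encode on output as defence in depth, so even a
    value that slipped past validation is shown as text, not parsed as markup."""
    return f"<div class='profile'>{html.escape(_profiles[user_id], quote=True)}</div>"


def demo() -> dict[str, object]:
    """Run both paths against constructed inputs and return what each produced."""
    # Constructed hostile input: a script tag, the kind of content a missing
    # server-side check lets into a shared page.
    hostile = "<script>/* injected */</script>"
    benign = "Site Admin"

    save_display_name_unvalidated("u1", hostile)
    vulnerable_html = render_profile_unescaped("u1")

    accepted_hostile = save_display_name_validated("u2", hostile)  # rejected
    accepted_benign = save_display_name_validated("u2", benign)    # stored
    hardened_html = render_profile_escaped("u2")

    # Defence in depth: if hostile text were stored anyway, escaping neutralises it.
    _profiles["u3"] = hostile
    escaped_hostile_html = render_profile_escaped("u3")

    return {
        "vulnerable_html": vulnerable_html,
        "accepted_hostile": accepted_hostile,
        "accepted_benign": accepted_benign,
        "hardened_html": hardened_html,
        "escaped_hostile_html": escaped_hostile_html,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The two controls are deliberately independent: validation at write time keeps junk out of the data store, and encoding at read time protects every rendering path, including ones added later that forget to validate.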

Vendor: Growatt
Product: Cloud portal
CVSS: CRITICAL 9.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2025-04-15
Original CVE updated: 2025-05-06
Advisory published: 2025-04-15
Advisory updated: 2025-05-06

Who should care

Organizations and individuals using Growatt cloud portal services, especially administrators, installers, and users who manage device settings or account content through the web portal.

Technical summary

CISA’s CSAF advisory identifies the affected product as Growatt cloud portal version <=3.6.0. The stated weakness is a lack of server-side input validation, allowing attackers to inject malicious JavaScript into users’ personal spaces in the portal. The supplied CVSS 3.1 vector is AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, reflecting a network-reachable issue with no privileges or user interaction required and potential high confidentiality, integrity, and availability impact. The advisory lists Growatt as the vendor and says the cloud vulnerabilities were patched.

Defensive priority

Immediate. Treat as a critical internet-facing web application issue with the potential for account abuse and content injection; confirm patch status and review portal security controls promptly.

Recommended defensive actions

  • Verify that Growatt cloud portal services are on the latest patched version and that automatic updates have completed where applicable.
  • Enable strong passwords and multi-factor authentication wherever supported.
  • Review portal security settings and follow vendor-recommended best practices.
  • Monitor for unusual activity in user accounts and portal content.
  • Report any security concerns to [email protected].
  • Coordinate with vendors or installers if you manage multiple affected devices or accounts.

Evidence notes

Evidence is drawn from the CISA CSAF advisory ICSA-25-105-04 for CVE-2025-24297, which states the issue is due to lack of server-side input validation and affects Growatt cloud portal <=3.6.0. The advisory was published 2025-04-15 and revised 2025-05-06 with a note indicating typo fixes only. Growatt’s listed remediation says the cloud-based vulnerabilities were patched and no user action is needed.

Official resources

Publicly disclosed by CISA on 2025-04-15 as ICSA-25-105-04 / CVE-2025-24297. The advisory was revised on 2025-05-06 for typo fixes only.