PatchSiren cyber security CVE debrief
CVE-2025-24315 Growatt CVE debrief
CVE-2025-24315 is a medium-severity cloud application issue in Growatt’s cloud portal where an unauthenticated attacker could add devices to scenes belonging to other users. CISA’s advisory ties the issue to Growatt Cloud Applications / Growatt cloud portal version <= 3.6.0 and assigns a CVSS v3.1 score of 5.3. Growatt reports that the cloud-based vulnerabilities have been patched and that updates are automatic, but users are still advised to use strong passwords, enable MFA where applicable, and watch for unusual activity.
- Vendor: Growatt
- Product: Cloud portal
- CVSS: MEDIUM 5.3
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-04-15
- Original CVE updated: 2025-05-06
- Advisory published: 2025-04-15
- Advisory updated: 2025-05-06
Who should care
Organizations and individuals using Growatt cloud portal services, especially installers, administrators, and operators who rely on scenes/automation to manage devices. If your environment uses Growatt cloud integration for device control or monitoring, this is primarily an integrity issue: scene configurations cannot be assumed to contain only the devices their owner added.
Technical summary
The advisory describes an unauthenticated, network-reachable weakness in the Growatt cloud portal that allows an attacker to add devices to scenes owned by other users; in effect, the portal failed to verify that the caller was authenticated and owned the target scene before modifying it. The impact is integrity-only in the supplied CVSS vector (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N), with no confidentiality or availability impact scored. The affected product listed in the CSAF is Growatt cloud portal <= 3.6.0.
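As an added illustration, not Growatt's code (the portal's implementation is not public and nothing here is taken from it), the following hypothetical Python model shows the class of gap the advisory describes: a scene-modification handler that never checks who the caller is or who owns the scene, next to a hardened version that enforces both. The `Scene`, `SceneService` and `AuthError` names and the sample scene data are constructed for this example.

```python
from dataclasses import dataclass, field

# Hypothetical in-memory model of a cloud portal's scenes (constructed for this example).
@dataclass
class Scene:
    scene_id: str
    owner: str
    devices: set = field(default_factory=set)

class AuthError(Exception):
    """Raised when a caller is unauthenticated or is not the scene owner."""

class SceneService:
    def __init__(self, scenes):
        self._scenes = {s.scene_id: s for s in scenes}

    def add_device_vulnerable(self, caller, scene_id, device_id):
        # The flawed pattern: the handler trusts the scene_id in the request and
        # never checks that the caller is authenticated or owns the scene.
        self._scenes[scene_id].devices.add(device_id)
        return sorted(self._scenes[scene_id].devices)

    def add_device(self, caller, scene_id, device_id):
        # Hardened: reject anonymous callers first, then require that the
        # authenticated account owns the scene before mutating it.
        if caller is None:
            raise AuthError("authentication required")
        scene = self._scenes.get(scene_id)
        # Same error for missing and foreign scenes, so the response does not
        # reveal whether another user's scene id exists.
        if scene is None or scene.owner != caller:
            raise AuthError("scene not found or not owned by caller")
        scene.devices.add(device_id)
        return sorted(scene.devices)

def demo():
    svc = SceneService([Scene("scene-1", owner="alice", devices={"inverter-a"})])
    # Vulnerable path: an anonymous caller alters alice's scene.
    tampered = svc.add_device_vulnerable(None, "scene-1", "rogue-device")
    # Hardened path: the same anonymous request is rejected, while the owner's
    # own request succeeds.
    try:
        svc.add_device(None, "scene-1", "rogue-device-2")
        rejected = False
    except AuthError:
        rejected = True
    owner_view = svc.add_device("alice", "scene-1", "inverter-b")
    return tampered, rejected, owner_view
```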
Defensive priority
Medium. The issue is remotely reachable, requires no authentication, and can alter scene contents, but the scored impact is limited to integrity. Prioritize remediation if your operations depend on scene correctness or if multiple tenants or users share the same cloud portal.
Recommended defensive actions
- Confirm you are running the latest Growatt cloud portal and cloud-connected device firmware available through the vendor’s automatic update process.
- Use strong, unique passwords for Growatt accounts and enable multi-factor authentication where the service supports it.
- Review scenes and device associations for unexpected additions or changes, especially in shared or multi-user environments.
- Monitor for unusual account or automation activity and preserve logs or screenshots if suspicious changes are found.
- Report security concerns to Growatt at [email protected] and follow any vendor guidance for your deployment.
Evidence notes
All substantive claims here come from the CISA CSAF advisory ICSA-25-105-04 and its associated metadata: the affected product is Growatt cloud portal <= 3.6.0, the stated issue is unauthenticated addition of devices to other users’ scenes, and the CVSS vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N. The advisory was initially published on 2025-04-15 and revised on 2025-05-06 for typo fixes; that revision does not indicate a new issue date.
Official resources
- CVE-2025-24315 CVE record (CVE.org)
- CVE-2025-24315 NVD detail (NVD)
- Source item URL: cisa_csaf
CISA published ICSA-25-105-04 on 2025-04-15 and later revised it on 2025-05-06 for typo fixes. Use 2025-04-15 as the CVE publication context date.