PatchSiren

PatchSiren cyber security CVE debrief

CVE-2025-24850 Growatt CVE debrief

CVE-2025-24850 is a medium-severity information disclosure issue in the Growatt cloud portal. According to CISA’s advisory, an attacker could export other users’ plant information in affected versions (<= 3.6.0). The issue was publicly disclosed on 2025-04-15 and later revised on 2025-05-06 for typo fixes. Growatt states the cloud-based vulnerabilities were patched and that updates are automatic, with no user action needed.

Vendor: Growatt
Product: Cloud portal
CVSS: MEDIUM 5.3
CISA KEV: Not listed in stored evidence
Original CVE published: 2025-04-15
Original CVE updated: 2025-05-06
Advisory published: 2025-04-15
Advisory updated: 2025-05-06

Who should care

Organizations and individuals using the Growatt cloud portal, especially installers, operators, and administrators responsible for monitoring plant data. Security teams should also care because the CVSS vector indicates the flaw is reachable over the network with no privileges and no user interaction required, so an unauthenticated remote party could exercise it.

Technical summary

The advisory describes a confidentiality issue in Growatt cloud portal versions up to 3.6.0 where an attacker can export other users' plant information. The supplied CVSS v3.1 vector (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) indicates remote, low-complexity access with no privileges or user interaction, and limited (C:L) confidentiality impact. No integrity or availability impact is indicated in the supplied scoring, and scope is unchanged. The advisory does not describe the export mechanism or what a plant-information record contains, so the exposure should be read as a data-disclosure weakness in the export function rather than anything more specific.

Defensive priority

Medium. The issue is publicly known, affects a vendor-hosted cloud service, and exposes user data. Growatt says the issue has been patched and that updates are automatic, which removes the patching burden from customers but not the need to verify exposure and review who holds access to plant data.

Recommended defensive actions

  • Confirm whether your organization uses the Growatt cloud portal (affected versions are 3.6.0 and earlier). The portal is vendor-hosted and Growatt states the fix was deployed automatically with no user action, so there is no local patch to install; instead, confirm with the vendor that your tenant is on a fixed version.
  • Review access controls and account permissions for plant data export functions, especially if multiple users or installers share access, and remove accounts that no longer need it.
  • Enable strong passwords and multi-factor authentication where applicable, as recommended by the vendor. Note that these harden accounts generally but do not mitigate this flaw on their own, since the vector records PR:N (no privileges required).
  • Monitor for unusual access to plant information or unexpected data exports, such as an account exporting plants it does not own or many plants in a short period.
  • Report any security concerns to the Growatt security contact given in the CISA advisory, and document any exposure found during internal review.
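The monitoring item above is the one action customers can take independently of the vendor. The following added example (not PatchSiren's or Growatt's code) shows the two checks a practitioner would run over an export audit trail: exports of plants the account is not authorized for, and bulk export of many distinct plants in a short window. The advisory does not say what logging the portal exposes, so the record layout (timestamp, user, action, plant ID), the ownership map and the events themselves are constructed for illustration.

```python
"""Detection logic for unexpected plant-data exports (added example).

Assumes an export audit trail can be obtained in a form like the constructed
records below; field names and the ownership map are assumptions, not a
description of any Growatt logging feature.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed ownership map: the plants each account is authorized to see.
OWNERSHIP = {
    "installer_a": {"plant-101", "plant-102"},
    "owner_b": {"plant-201"},
    "owner_c": {"plant-301"},
}

# Constructed audit records: (ISO timestamp, user, action, plant_id).
EVENTS = [
    ("2025-04-16T08:00:00", "installer_a", "export", "plant-101"),
    ("2025-04-16T08:01:00", "installer_a", "export", "plant-102"),
    ("2025-04-16T08:02:00", "installer_a", "login", ""),
    ("2025-04-16T09:15:00", "owner_b", "export", "plant-201"),
    ("2025-04-16T09:16:00", "owner_b", "export", "plant-301"),  # owned by owner_c
    ("2025-04-16T10:00:00", "unknown_user", "export", "plant-101"),
    ("2025-04-16T10:00:30", "unknown_user", "export", "plant-201"),
    ("2025-04-16T10:01:00", "unknown_user", "export", "plant-301"),
    ("2025-04-16T10:01:30", "unknown_user", "export", "plant-102"),
]


def cross_tenant_exports(events, ownership):
    """Return (ts, user, plant) for every export of a plant the user does not own.

    Accounts absent from the ownership map own nothing, so all their exports
    are flagged; that covers the 'other users' plant information' case.
    """
    findings = []
    for ts, user, action, plant in events:
        if action != "export":
            continue
        if plant not in ownership.get(user, set()):
            findings.append((ts, user, plant))
    return findings


def bulk_exporters(events, window=timedelta(minutes=10), threshold=3):
    """Return {user: max distinct plants exported within any `window`} for users
    reaching `threshold`, using a per-user sliding window over sorted events."""
    per_user = defaultdict(list)
    for ts, user, action, plant in events:
        if action == "export":
            per_user[user].append((datetime.fromisoformat(ts), plant))

    flagged = {}
    for user, recs in per_user.items():
        recs.sort()
        start = 0
        for end in range(len(recs)):
            # Advance the window start until it fits inside `window`.
            while recs[end][0] - recs[start][0] > window:
                start += 1
            distinct = {p for _, p in recs[start:end + 1]}
            if len(distinct) >= threshold:
                flagged[user] = max(flagged.get(user, 0), len(distinct))
    return flagged


def report(events=EVENTS, ownership=OWNERSHIP):
    """Combine both checks into one list of human-readable findings."""
    lines = [f"cross-tenant export: {user} exported {plant} at {ts}"
             for ts, user, plant in cross_tenant_exports(events, ownership)]
    for user, count in bulk_exporters(events).items():
        lines.append(f"bulk export: {user} exported {count} distinct plants within 10 minutes")
    return lines


if __name__ == "__main__":
    for line in report():
        print(line)
```

On the constructed data the first check flags owner_b's single out-of-scope export and every export by the unrecognised account, while the second flags only that account for bulk export; installer_a's two exports of its own plants are not reported. Thresholds should be tuned to how many plants a legitimate installer normally handles.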

Evidence notes

All substantive claims are taken from the supplied CISA CSAF source item for ICSA-25-105-04 and its embedded remediation guidance. The affected product listed is Growatt cloud portal <= 3.6.0. The issue description is limited to export of other users’ plant information. The vendor remediation text says the cloud-based vulnerabilities were patched and updates are automatic, with no user action needed. No KEV entry was provided in the supplied corpus.

Official resources

Publicly disclosed on 2025-04-15 via CISA advisory ICSA-25-105-04; revised on 2025-05-06 for typo fixes.