PatchSiren cyber security CVE debrief

CVE-2025-27561 Growatt CVE debrief

CVE-2025-27561 is a medium-severity issue in the Growatt cloud portal (up to version 3.6.0) where unauthenticated attackers could rename rooms belonging to arbitrary users. The CISA advisory was initially published on 2025-04-15 and later revised on 2025-05-06 for typo fixes. Growatt states the cloud-based vulnerabilities were patched and that no user action is needed, while still recommending basic account hardening and vigilance.

Vendor: Growatt
Product: Cloud portal
CVSS: MEDIUM 5.3
CISA KEV: Not listed in stored evidence
Original CVE published: 2025-04-15
Original CVE updated: 2025-05-06
Advisory published: 2025-04-15
Advisory updated: 2025-05-06

Who should care

Organizations and individuals using Growatt cloud portal deployments up to version 3.6.0 should care, especially admins, installers, and users who rely on room naming or other cloud-managed settings for device organization and monitoring.

Technical summary

The advisory describes an unauthenticated, network-reachable authorization flaw in the Growatt cloud portal. The reported impact is limited to integrity: attackers can rename rooms belonging to arbitrary users. The supplied CVSS v3.1 vector is AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N, consistent with a low-complexity, remotely exploitable issue that alters data; the advisory indicates no confidentiality or availability impact.

Defensive priority

Medium. The issue is already reported as patched by the vendor, but it still matters for exposure assessment, account review, and confirming affected systems are on current versions.

Recommended defensive actions

  • Confirm whether any tenants or devices used the Growatt cloud portal at version 3.6.0 or earlier.
  • Verify that the vendor's cloud-side fix has taken effect in your environment.
  • Review room names and related configuration for unauthorized changes.
  • Use strong passwords and enable multi-factor authentication where applicable.
  • Monitor for unusual activity and report concerns to [email protected].
  • Follow Growatt and CISA guidance on secure configuration and defensive best practices.

Evidence notes

Source data from CISA's CSAF advisory identifies the affected product as 'Growatt cloud portal: <=3.6.0' and states that unauthenticated attackers can rename rooms of arbitrary users. The same advisory includes Growatt remediation notes stating the cloud-based vulnerabilities were patched and no user action is needed, while recommending password hygiene, MFA where applicable, and ongoing vigilance. The supplied CVSS 3.1 vector is AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N, matching a medium-severity integrity-only impact.

Official resources

Publicly disclosed in the CISA CSAF advisory on 2025-04-15; revised on 2025-05-06 for typo fixes. Use the published date, not the revision date, as the initial disclosure date.