PatchSiren

PatchSiren cyber security CVE debrief

CVE-2025-27565 Growatt CVE debrief

CVE-2025-27565 affects Growatt cloud portal versions up to 3.6.0. According to CISA’s advisory, an unauthenticated attacker who knows a user ID and room ID can delete that user’s rooms. The advisory was published on 2025-04-15 and later revised on 2025-05-06 for typo fixes only.

Vendor: Growatt
Product: Cloud portal
CVSS: MEDIUM 5.3
CISA KEV: Not listed in stored evidence
Original CVE published: 2025-04-15
Original CVE updated: 2025-05-06
Advisory published: 2025-04-15
Advisory updated: 2025-05-06

Who should care

Organizations using Growatt cloud portal, especially operators, installers, and administrators responsible for account or room management. Security teams should pay attention because the flaw is network-reachable, requires no authentication, and can directly affect data integrity.

Technical summary

The advisory describes an access-control weakness in Growatt cloud portal <=3.6.0. A remote attacker does not need valid credentials; if the attacker knows the relevant user and room identifiers, they can delete rooms belonging to another user. The supplied CVSS v3.1 vector is AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N, which maps to a 5.3 medium-severity score and reflects integrity impact without confidentiality or availability impact in the provided record.
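The access-control pattern behind the advisory, as an added example that is not Growatt's code: a hypothetical in-memory portal whose deletion routine treats caller-supplied user and room IDs as proof of authority, beside a hardened routine that first authenticates the caller from a session and then checks that the room belongs to that caller, recording denials for later review. The Portal class, identifiers and sample state are all constructed for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class Portal:
    """Hypothetical portal state: rooms map room_id -> owner user_id,
    sessions map a session token -> the authenticated user_id."""
    rooms: dict = field(default_factory=dict)
    sessions: dict = field(default_factory=dict)
    audit: list = field(default_factory=list)

    def delete_room_vulnerable(self, user_id: str, room_id: str) -> bool:
        # Weak pattern: no session is consulted, so whoever supplies a matching
        # user_id/room_id pair is treated as the owner.
        if self.rooms.get(room_id) == user_id:
            del self.rooms[room_id]
            return True
        return False

    def delete_room_hardened(self, session_token, room_id: str) -> str:
        # Step 1: authenticate. The acting user comes from the session, never
        # from a request parameter.
        caller = self.sessions.get(session_token)
        if caller is None:
            self.audit.append(("denied", "unauthenticated", room_id))
            return "unauthenticated"
        # Step 2: authorize against the resource owner. Missing and foreign
        # rooms get the same answer so room existence is not leaked.
        if self.rooms.get(room_id) != caller:
            self.audit.append(("denied", caller, room_id))
            return "forbidden"
        del self.rooms[room_id]
        self.audit.append(("deleted", caller, room_id))
        return "deleted"


def build_portal() -> Portal:
    """Constructed sample state: two users, one room each, user-A logged in."""
    return Portal(rooms={"room-1": "user-A", "room-2": "user-B"},
                  sessions={"tok-A": "user-A"})


def demo():
    """Run the same requests against both code paths and return the outcomes."""
    weak = build_portal()
    weak_result = weak.delete_room_vulnerable("user-B", "room-2")  # no login needed
    hard = build_portal()
    r_anon = hard.delete_room_hardened(None, "room-2")      # no session
    r_cross = hard.delete_room_hardened("tok-A", "room-2")  # not the owner
    r_own = hard.delete_room_hardened("tok-A", "room-1")    # owner, allowed
    return weak_result, "room-2" in weak.rooms, r_anon, r_cross, r_own, sorted(hard.rooms)
```

The audit list is the data a defender would feed into the room-management review the advisory recommends: two denial entries and one legitimate deletion for the hardened run.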

Defensive priority

Medium priority. Verify promptly whether any environment uses Growatt cloud portal <=3.6.0, but note that CISA and the vendor indicate the cloud-based issue was patched.

Recommended defensive actions

  • Confirm whether any tenant, deployment, or connected service uses Growatt cloud portal version 3.6.0 or earlier.
  • Apply the vendor’s available patching or automatic update process; CISA notes the cloud-based vulnerabilities were patched and no user action is needed.
  • Use strong passwords and enable multi-factor authentication where applicable.
  • Review account and room-management activity for unexpected deletions or other unauthorized changes.
  • Report security concerns to [email protected] using the vendor’s published contact path.
  • Continue regular security reviews and follow CISA industrial control system best practices for account and access management.

Evidence notes

All substantive facts come from the CISA CSAF advisory ICSA-25-105-04 and its referenced records: the affected product is Growatt cloud portal <=3.6.0, the issue is unauthenticated room deletion when user and room IDs are known, and the vendor remediation states the cloud-based vulnerabilities were patched. The advisory revision history shows the 2025-05-06 update was for typo fixes only. The supplied record also lists a CVSS v3.1 score of 5.3 (MEDIUM) and no KEV entry.

Official resources

CISA published ICSA-25-105-04 on 2025-04-15 and revised it on 2025-05-06 for typo fixes only. The supplied enrichment does not mark the issue as KEV-listed.