PatchSiren cyber security CVE debrief
CVE-2025-27568 Growatt CVE debrief
CVE-2025-27568 is a medium-severity information-disclosure issue in Growatt cloud portal versions <=3.6.0. According to the CISA advisory, an unauthenticated attacker who knows a username can trigger a password reset email and thereby learn the associated email address. Growatt states the cloud-based vulnerabilities were patched and that no user action is needed.
- Vendor: Growatt
- Product: Cloud portal
- CVSS: MEDIUM 5.3
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-04-15
- Original CVE updated: 2025-05-06
- Advisory published: 2025-04-15
- Advisory updated: 2025-05-06
Who should care
Organizations and individuals using the Growatt cloud portal, especially administrators, installers, and security teams responsible for account management, password resets, and multi-factor authentication settings. Internet-facing deployments should treat this as a privacy and account-enumeration risk.
Technical summary
The advisory describes an unauthenticated remote issue in the Growatt cloud portal where knowledge of a username is enough to cause a password reset email to be sent. The portal's response to that request reveals the user's email address. The supplied advisory identifies the affected product as Growatt cloud portal <=3.6.0 and gives CVSS 3.1 vector AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N (5.3), indicating a confidentiality impact only.
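To make the disclosure pattern concrete, the following is an added example written for this debrief; it is not Growatt's code and the advisory does not describe how the portal is implemented. It contrasts a reset handler that echoes the account's email address back to an unauthenticated caller with a hardened handler that returns one generic message for known and unknown usernames and rate-limits requests per client. The user store, the client key and the limiter parameters are constructed assumptions.

```python
"""Added example (not the vendor's code): password-reset handlers,
vulnerable and hardened. All data below is constructed."""
import time
from collections import defaultdict, deque

# Constructed sample user store: username -> email on file.
USERS = {
    "installer01": "installer01@example.com",
    "site-admin": "admin@example.org",
}

SENT = []  # records addresses a reset mail was "sent" to (simulation)


def send_reset_mail(email: str) -> None:
    SENT.append(email)


def reset_vulnerable(username: str) -> dict:
    """Pattern the advisory describes: an unauthenticated reset request for a
    known username answers with the account's email address."""
    email = USERS.get(username)
    if email is None:
        return {"ok": False, "message": "unknown username"}
    send_reset_mail(email)
    return {"ok": True, "message": f"Reset link sent to {email}"}


class ResetLimiter:
    """Sliding-window request limiter keyed by client (e.g. source IP).
    `clock` is injectable so behaviour is deterministic in tests."""

    def __init__(self, limit: int, window_s: float, clock=time.monotonic):
        self.limit, self.window_s, self.clock = limit, window_s, clock
        self.hits = defaultdict(deque)

    def allow(self, key: str) -> bool:
        now = self.clock()
        q = self.hits[key]
        while q and now - q[0] > self.window_s:
            q.popleft()
        if len(q) >= self.limit:
            return False
        q.append(now)
        return True


GENERIC = ("If an account with that username exists, a reset link has been "
           "sent to the address on file.")


def reset_hardened(username: str, client: str, limiter: ResetLimiter) -> dict:
    """Same body for known and unknown usernames, never includes the address,
    and refuses once the client exceeds the limiter's budget."""
    if not limiter.allow(client):
        return {"ok": False, "message": "Too many requests; try again later."}
    email = USERS.get(username)
    if email is not None:
        send_reset_mail(email)
    return {"ok": True, "message": GENERIC}


if __name__ == "__main__":
    lim = ResetLimiter(limit=3, window_s=60)
    print(reset_vulnerable("installer01"))
    print(reset_hardened("installer01", "203.0.113.5", lim))
    print(reset_hardened("no-such-user", "203.0.113.5", lim))
```

The hardened handler closes the address disclosure the advisory describes; note that it still performs the mail send only for existing accounts, so response timing can hint at account existence unless the send is queued asynchronously, which is a separate enumeration concern from the one scored here.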
Defensive priority
Medium. Prioritize remediation for any environment exposing the Growatt cloud portal to the internet or relying on the portal for user account management, because the flaw can disclose user email addresses without authentication.
Recommended defensive actions
- Confirm the environment is running a patched Growatt cloud portal release; Growatt states the cloud-based vulnerabilities were patched and no user action is needed.
- Update all devices to the latest firmware version when available, noting the advisory says updates are automatic.
- Use strong passwords and enable multi-factor authentication where applicable.
- Review account and portal activity for unexpected password reset messages or unusual access patterns.
- Report security concerns to [email protected].
- Follow CISA industrial control systems recommended practices and defense-in-depth guidance for connected cloud and OT environments.
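One way to act on the "review account and portal activity for unexpected password reset messages" item is to scan reset-request logs for a single source asking for resets across many distinct usernames in a short window, which is what mass disclosure through this flaw would look like from the defender's side. The script below is an added example for this debrief, not a Growatt tool; the log line format, field names and sample entries are constructed, so adapt the regular expression to whatever the portal or mail gateway actually records.

```python
"""Added example (not from the advisory): flag enumeration-style password
reset activity in constructed log lines. Field names are assumed."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed log format; constructed for this example.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) action=password_reset_request "
    r"user=(?P<user>\S+) result=(?P<result>\S+)$"
)

# Constructed sample log: one source walks several usernames within seconds,
# another makes a single ordinary request later.
SAMPLE_LOG = """\
2025-05-06T10:00:01Z src=203.0.113.5 action=password_reset_request user=installer01 result=email_sent
2025-05-06T10:00:02Z src=203.0.113.5 action=password_reset_request user=installer02 result=email_sent
2025-05-06T10:00:02Z src=203.0.113.5 action=password_reset_request user=site-admin result=email_sent
2025-05-06T10:00:03Z src=203.0.113.5 action=password_reset_request user=ops-lead result=unknown_user
2025-05-06T10:00:04Z src=203.0.113.5 action=password_reset_request user=installer03 result=email_sent
2025-05-06T11:30:00Z src=198.51.100.7 action=password_reset_request user=installer01 result=email_sent
"""


def parse(log_text: str):
    """Yield dicts for lines matching LINE_RE; non-matching lines are skipped."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        d = m.groupdict()
        d["ts"] = datetime.strptime(d["ts"], "%Y-%m-%dT%H:%M:%SZ")
        yield d


def find_enumeration(log_text: str, window=timedelta(minutes=10), min_users=3):
    """Return [(src, distinct_users)] for sources that requested resets for at
    least `min_users` distinct usernames inside any `window`-long span.
    Unknown-user results count too: the request itself is the signal."""
    events = defaultdict(list)  # src -> [(ts, user)]
    for e in parse(log_text):
        events[e["src"]].append((e["ts"], e["user"]))
    findings = []
    for src, evs in sorted(events.items()):
        evs.sort()
        best = 0
        for i, (t0, _) in enumerate(evs):
            users = {u for t, u in evs[i:] if t - t0 <= window}
            best = max(best, len(users))
        if best >= min_users:
            findings.append((src, best))
    return findings


def resets_per_user(log_text: str) -> dict:
    """Count reset mails actually sent per username, for review against
    resets the account holders say they requested."""
    counts = defaultdict(int)
    for e in parse(log_text):
        if e["result"] == "email_sent":
            counts[e["user"]] += 1
    return dict(counts)


if __name__ == "__main__":
    for src, n in find_enumeration(SAMPLE_LOG):
        print(f"possible enumeration from {src}: {n} distinct usernames")
    print(resets_per_user(SAMPLE_LOG))
```

The threshold and window are starting points; tune them against a baseline of normal reset volume so that a help desk resetting several accounts from one address does not page anyone.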
Evidence notes
This debrief is based on the supplied CISA CSAF advisory ICSA-25-105-04, which maps to CVE-2025-27568 and lists Growatt cloud portal <=3.6.0 as affected. The advisory was published on 2025-04-15 and revised on 2025-05-06 for typo fixes only, per the provided revision history. The supplied enrichment indicates this is not a KEV-listed vulnerability, and no ransomware-campaign use was provided.
Official resources
- CVE-2025-27568 CVE record (CVE.org)
- CVE-2025-27568 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Source reference (Reference)
CISA published the advisory on 2025-04-15 and issued a revision on 2025-05-06 with typo fixes only.