PatchSiren cyber security CVE debrief
CVE-2025-27575 Growatt CVE debrief
CVE-2025-27575 is an unauthenticated information-disclosure issue in Growatt cloud applications. According to CISA’s advisory, an attacker who knows a charger ID can obtain EV charger version information and firmware upgrading history from the Growatt cloud portal. The advisory was first published on 2025-04-15 and later revised on 2025-05-06 for typo fixes only.
- Vendor: Growatt
- Product: Cloud portal
- CVSS: MEDIUM 5.3
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-04-15
- Original CVE updated: 2025-05-06
- Advisory published: 2025-04-15
- Advisory updated: 2025-05-06
Who should care
Operators, installers, and administrators using Growatt cloud portal deployments, especially anyone managing EV chargers that are visible through the affected cloud service. Security and operations teams responsible for connected charging infrastructure should review exposure and access controls.
Technical summary
CISA identifies Growatt cloud portal versions <=3.6.0 as affected. The issue is unauthenticated and reachable over the network, and the disclosed data is limited to charger version and firmware upgrading history once a charger ID is known. The supplied CVSS v3.1 vector (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) indicates low confidentiality impact (C:L) with no integrity or availability impact, consistent with an information disclosure rather than a code-execution or denial-of-service condition.
Defensive priority
Medium. The issue does not indicate direct system compromise, but it can expose device and update history details that may aid reconnaissance or operational intelligence gathering. Treat as a prompt to verify cloud portal patch status, credential hygiene, and access governance for connected chargers.
Recommended defensive actions
- Confirm the Growatt cloud portal is updated to the latest patched version; CISA notes the cloud-based vulnerabilities were patched.
- Apply strong, unique passwords for any accounts that access the portal.
- Enable multi-factor authentication where it is available.
- Review charger/account access for unusual activity or unexpected firmware history changes.
- Follow Growatt and CISA best-practice guidance for industrial control systems and report security concerns to [email protected].
Evidence notes
All substantive claims are taken from the supplied CISA CSAF advisory and its vendor remediation notes. The advisory states that an unauthenticated attacker can obtain EV charger version and firmware upgrading history by knowing the charger ID. The affected product entry is Growatt cloud portal <=3.6.0. CISA published the advisory on 2025-04-15 and issued a revision on 2025-05-06 described as fixing typos. No KEV listing was provided in the source corpus.
Official resources
- CVE-2025-27575 CVE record (CVE.org)
- CVE-2025-27575 NVD detail (NVD)
- Source item URL (cisa_csaf)
Publicly disclosed by CISA in advisory ICSA-25-105-04 on 2025-04-15. The source revision on 2025-05-06 is documented as typo fixes only. Growatt states the cloud-based vulnerabilities were patched and that no user action is needed for the software.