PatchSiren cyber security CVE debrief
CVE-2025-27719 Growatt CVE debrief
CVE-2025-27719 is a medium-severity issue in Growatt cloud applications where an unauthenticated attacker can query an API endpoint and obtain device details. The CISA CSAF advisory was first published on 2025-04-15 and later revised on 2025-05-06 for typo fixes. The supplied advisory does not place the issue on the Known Exploited Vulnerabilities list.
- Vendor: Growatt
- Product: Cloud portal
- CVSS: MEDIUM 5.3
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-04-15
- Original CVE updated: 2025-05-06
- Advisory published: 2025-04-15
- Advisory updated: 2025-05-06
Who should care
Operators, installers, and administrators using the Growatt cloud portal, especially environments still on versions at or below 3.6.0. Because the issue is reachable without authentication and affects device-detail exposure, organizations that rely on the portal for monitoring or fleet visibility should review access controls and account hygiene.
Technical summary
According to the CISA CSAF record, Growatt cloud portal versions <=3.6.0 are affected. The issue is that an unauthenticated attacker can query an API endpoint and get device details. The advisory’s CVSS v3.1 vector is AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N, indicating network-reachable exposure with low confidentiality impact and no integrity or availability impact in the supplied scoring.
Defensive priority
Moderate. The issue is externally reachable and requires no authentication, but the supplied advisory rates impact as low and does not list the CVE in KEV. Prioritize if the cloud portal is internet-facing or used to manage sensitive device fleets.
Recommended defensive actions
- Apply Growatt’s latest firmware/software updates when available; the advisory states updates are automatic and no user action is needed.
- Use strong passwords and enable multi-factor authentication where applicable.
- Review security settings regularly and watch for unusual activity in Growatt cloud accounts and devices.
- Report security concerns using the contact provided in the advisory.
Evidence notes
All claims above are drawn from the supplied CISA CSAF source item for ICSA-25-105-04 and its embedded metadata. The advisory names the affected product as Growatt cloud portal and lists affected versions as <=3.6.0. It also states: “Unauthenticated attackers can query an API endpoint and get device details.” The supplied CVSS vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N. The revision history shows the original publication on 2025-04-15 and a later revision on 2025-05-06 for typo fixes.
Official resources
- CVE-2025-27719 CVE record (CVE.org)
- CVE-2025-27719 NVD detail (NVD)
- Source item URL (cisa_csaf)
Publicly disclosed by CISA in CSAF advisory ICSA-25-105-04 on 2025-04-15, with a revision on 2025-05-06 limited to typo fixes.