PatchSiren cyber security CVE debrief
CVE-2025-27927 Growatt CVE debrief
CVE-2025-27927 is a medium-severity information-disclosure issue in Growatt cloud applications. According to the CISA advisory, an unauthenticated attacker who knows a valid username can use an unprotected API to obtain a list of smart devices associated with that account. CISA lists Growatt cloud portal versions <=3.6.0 as affected and notes that Growatt reported the cloud-based vulnerabilities were patched.
- Vendor: Growatt
- Product: Cloud portal
- CVSS: MEDIUM 5.3
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-04-15
- Original CVE updated: 2025-05-06
- Advisory published: 2025-04-15
- Advisory updated: 2025-05-06
Who should care
Organizations and individuals using Growatt cloud portal services, especially administrators, installers, and operators who manage smart devices through the portal. Security teams responsible for internet-facing vendor cloud services and any environment where device inventory exposure would be sensitive should also review this advisory.
Technical summary
CVE-2025-27927 describes an API access-control weakness in Growatt cloud applications. The advisory states that unauthenticated attackers can obtain a list of smart devices if they know a valid username, indicating the API does not adequately protect device-list retrieval. The supplied CVSS vector (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) aligns with a network-reachable issue that impacts confidentiality only, with no integrity or availability impact described in the advisory.
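To make the weakness class concrete, here is an added illustration (not Growatt's code; the endpoint shape, request fields, inventory and session store are all constructed for this example) of a device-list handler that trusts a caller-supplied username next to one that derives the account from an authenticated session:

```python
# Constructed example of the access-control pattern behind an "unprotected
# device-list API". Nothing here reflects Growatt's real endpoints or data.
from dataclasses import dataclass, field

# Constructed inventory: account name -> device serials
DEVICES = {
    "alice": ["INV-0001", "INV-0002"],
    "bob": ["INV-0100"],
}

# Constructed session store: bearer token -> authenticated account name
SESSIONS = {"tok-alice": "alice"}


@dataclass
class Request:
    params: dict
    headers: dict = field(default_factory=dict)


def list_devices_unprotected(req: Request) -> dict:
    """Weak pattern: the account is named by a request parameter and no
    credential is checked, so knowing a valid username is enough to read
    that account's device inventory (the CVE-2025-27927 impact)."""
    user = req.params.get("username")
    if user not in DEVICES:
        return {"status": 404, "body": {"error": "unknown user"}}
    return {"status": 200, "body": {"devices": DEVICES[user]}}


def list_devices_protected(req: Request) -> dict:
    """Hardened pattern: identity comes from the session, never from a
    parameter, and the response is scoped to the authenticated account."""
    auth = req.headers.get("Authorization", "")
    token = auth[len("Bearer "):].strip() if auth.startswith("Bearer ") else ""
    user = SESSIONS.get(token)
    if user is None:
        # Identical response for missing and invalid tokens, so the endpoint
        # leaks nothing about which accounts or devices exist.
        return {"status": 401, "body": {"error": "authentication required"}}
    # A "username" parameter, if present, is ignored: the caller cannot
    # pivot to another account by naming it.
    return {"status": 200, "body": {"devices": DEVICES.get(user, [])}}
```

The protected handler is also the shape to look for in a review of any API that returns per-account data: the account key must be bound to the verified principal, not read from the request.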
Defensive priority
Medium. The issue does not describe code execution or service disruption, but it can expose device inventory information and should be treated as a privacy and reconnaissance risk, especially for cloud-managed OT or smart-device environments.
Recommended defensive actions
- Confirm whether any assets use Growatt cloud portal versions <=3.6.0 and prioritize applying the latest available firmware or cloud updates.
- Review account security for Growatt-managed access: use strong passwords and enable multi-factor authentication where applicable.
- Monitor for unusual account activity or unexpected device-list access tied to valid usernames.
- Follow Growatt's advisory guidance and report security concerns to [email protected].
- Apply standard ICS security best practices and keep security settings under regular review.
Evidence notes
All factual statements are grounded in the supplied CISA CSAF advisory and the provided CVE metadata. The advisory identifies the affected product as Growatt cloud portal <=3.6.0, describes the unauthenticated device-list exposure via an unprotected API, and states that Growatt reports the cloud-based vulnerabilities were patched. The advisory revision on 2025-05-06 is described as fixing typos only; no new technical impact was introduced in the supplied source.
Official resources
- CVE-2025-27927 CVE record (CVE.org)
- CVE-2025-27927 NVD detail (NVD)
- Source item URL (cisa_csaf)
CISA published the advisory for CVE-2025-27927 on 2025-04-15 and later revised it on 2025-05-06 for typo fixes. The supplied advisory identifies Growatt cloud portal versions <=3.6.0 as affected.