PatchSiren cyber security CVE debrief

CVE-2025-27929 Growatt CVE debrief

CVE-2025-27929 is a Growatt cloud portal issue documented by CISA in ICSA-25-105-04. The advisory says unauthenticated attackers could retrieve the full list of users associated with arbitrary accounts in Growatt cloud applications, affecting Growatt cloud portal versions <=3.6.0. CISA published the advisory on 2025-04-15 and later revised it on 2025-05-06 for typo fixes. Growatt states the cloud-based vulnerabilities were patched and that no user action is needed, but affected organizations should still verify their environment is current and review account security controls.

Vendor: Growatt
Product: Cloud portal
CVSS: MEDIUM 5.3
CISA KEV: Not listed in stored evidence
Original CVE published: 2025-04-15
Original CVE updated: 2025-05-06
Advisory published: 2025-04-15
Advisory updated: 2025-05-06

Who should care

Operators, installers, and administrators using Growatt cloud portal versions up to 3.6.0; security teams responsible for account privacy, access monitoring, and cloud service hygiene; and organizations that rely on Growatt-managed monitoring portals.

Technical summary

The source advisory describes an unauthenticated information exposure affecting the Growatt cloud portal. According to CISA’s CSAF record, attackers could retrieve the full list of users associated with arbitrary accounts, and the affected product scope is Growatt cloud portal <=3.6.0. The published CVSS 3.1 vector is AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N, with a score of 5.3 (Medium). Note that the advisory’s narrative describes a disclosure of account-user associations, which is a confidentiality impact, yet the published vector scores confidentiality impact as None and integrity impact as Low; the vector is reproduced here exactly as published.

Defensive priority

Medium: address promptly because the issue is network-reachable and requires no authentication, but the advisory does not describe code execution or service disruption.

Recommended defensive actions

  • Confirm the Growatt cloud portal is on the latest vendor-fixed version and that any automatic cloud-side updates have been applied.
  • Review account membership and access records for unusual bulk lookups or unexpected account enumeration activity.
  • Use strong passwords and enable multi-factor authentication where applicable.
  • Follow CISA ICS recommended practices for account security, monitoring, and defensive depth.
  • Report any security concerns to [email protected] if you observe suspicious behavior.

Evidence notes

Primary evidence comes from CISA’s CSAF advisory ICSA-25-105-04 and its referenced source JSON. The advisory states: unauthenticated attackers can retrieve the full list of users associated with arbitrary accounts. The affected product is listed as Growatt cloud portal <=3.6.0. Remediations in the advisory say Growatt patched the cloud-based vulnerabilities and no user action is needed, while also recommending password hygiene, MFA where applicable, and vigilance. Publication and revision timing are taken from the advisory metadata: initial publication on 2025-04-15 and revision 2 on 2025-05-06 for typo fixes.

Official resources

CISA published ICSA-25-105-04 / CVE-2025-27929 on 2025-04-15; revision 2 on 2025-05-06 corrected typos. No KEV listing was provided in the supplied data.