PatchSiren cyber security CVE debrief
CVE-2025-30510 Growatt CVE debrief
CVE-2025-30510 is a critical vulnerability in the Growatt cloud portal. CISA’s advisory says an attacker can upload an arbitrary file instead of a plant image, affecting Growatt cloud portal versions up to 3.6.0. The advisory was first published on 2025-04-15 and later revised on 2025-05-06 for typo fixes. Growatt states the cloud-based vulnerabilities were patched and that no user action is needed, while also recommending basic account and device hygiene such as strong passwords and multi-factor authentication where applicable.
- Vendor: Growatt
- Product: Cloud portal
- CVSS: CRITICAL 9.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-04-15
- Original CVE updated: 2025-05-06
- Advisory published: 2025-04-15
- Advisory updated: 2025-05-06
Who should care
Organizations and individuals using Growatt cloud portal deployments, especially installers, operators, and administrators responsible for monitored solar or related cloud-connected systems. Security teams supporting affected Growatt environments should treat this as a priority because the advisory rates the issue as critical and the exposure is network-based.
Technical summary
The advisory describes an arbitrary file upload issue in the Growatt cloud portal, affecting Growatt cloud portal versions <=3.6.0. The supplied CVSS 3.1 vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, with a score of 9.8 and Critical severity. Based on the published advisory, the issue is remotely reachable, requires no privileges or user interaction, and is associated with high confidentiality, integrity, and availability impact. No further exploitation details are provided in the source corpus.
Defensive priority
Critical. The issue is remotely exploitable, has no listed prerequisites in the advisory’s CVSS vector, and is already reported as patched by the vendor. Even though Growatt says no user action is needed, affected operators should still verify exposure, confirm updates, and review account security settings.
Recommended defensive actions
- Confirm whether your environment uses Growatt cloud portal versions at or below 3.6.0 and treat any exposure as affected per the advisory.
- Apply or verify the latest vendor-provided updates; Growatt states the cloud-based vulnerabilities were patched and updates are automatic.
- Use strong passwords and enable multi-factor authentication where applicable, as recommended by Growatt.
- Review security settings regularly and watch for unusual activity in affected accounts or portals.
- Report any security concerns to [email protected], per the advisory.
- Follow CISA ICS recommended practices for broader defensive hardening around connected industrial or operational technology environments.
Evidence notes
All substantive claims are drawn from the supplied CISA CSAF advisory metadata and remediation text. The advisory identifies the product as Growatt cloud portal, affected versions as <=3.6.0, and the issue description as arbitrary file upload instead of a plant image. The published date is 2025-04-15 and the modified date is 2025-05-06, which is described in the revision history as typo fixes. No exploit chain, proof-of-concept, or post-exploitation behavior is included in the source corpus, so none is inferred here.
Official resources
- CVE-2025-30510 CVE record (CVE.org)
- CVE-2025-30510 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Source reference (Reference)
CISA published the advisory on 2025-04-15 and later revised it on 2025-05-06 for typo fixes. The source corpus does not indicate a known KEV listing or ransomware association.