PatchSiren cyber security CVE debrief
CVE-2025-30512 Growatt CVE debrief
CVE-2025-30512 is a medium-severity issue in Growatt cloud portal software where unauthenticated attackers can send configuration settings to a device and may remotely trigger physical actions such as on/off control. CISA published the advisory on 2025-04-15 and later revised it on 2025-05-06 for typo fixes only. Growatt states the cloud-based vulnerabilities were patched and that no user action is needed, but also recommends standard hardening and monitoring steps.
- Vendor
- Growatt
- Product
- Cloud portal
- CVSS
- MEDIUM 6.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2025-04-15
- Original CVE updated
- 2025-05-06
- Advisory published
- 2025-04-15
- Advisory updated
- 2025-05-06
Who should care
Organizations using Growatt cloud portal deployments, along with administrators, installers, and operators responsible for managing connected devices through the portal. Security teams should pay particular attention if any devices may still be on versions at or below 3.6.0.
Technical summary
The advisory identifies a network-reachable, unauthenticated weakness affecting Growatt cloud portal versions <=3.6.0. According to the CISA CSAF, an attacker can send configuration settings to the device and may remotely perform physical actions such as on/off control. The supplied CVSS v3.1 vector is AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L, which aligns with a remotely exploitable issue that does not require privileges or user interaction and has low integrity and availability impact.
Defensive priority
Moderate priority. The issue is already described by the vendor as patched, so the main priority is confirming affected devices are covered by the latest firmware/software state, then validating account security and monitoring for unexpected changes or device actions.
Recommended defensive actions
- Confirm whether any environment assets use Growatt cloud portal versions at or below 3.6.0.
- Apply the latest firmware/software updates where available; Growatt states updates are automatic and no user action is needed.
- Use strong passwords and enable multi-factor authentication where applicable.
- Review device and cloud portal security settings regularly and look for unusual configuration changes or on/off activity.
- Report security concerns to Growatt at [email protected].
Evidence notes
All substantive claims in this debrief are taken from the supplied CISA CSAF advisory for ICSA-25-105-04 / CVE-2025-30512 and its embedded remediation guidance. The advisory lists the affected product as Growatt cloud portal <=3.6.0, describes unauthenticated configuration-setting access and possible remote physical actions, and records publication on 2025-04-15 with a 2025-05-06 revision limited to typo fixes. The supplied CVSS v3.1 vector supports the stated network-accessible, no-authentication risk profile.
Official resources
-
CVE-2025-30512 CVE record
CVE.org
-
CVE-2025-30512 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
CISA published the advisory and CVE record on 2025-04-15T06:00:00.000Z. The source was revised on 2025-05-06T06:00:00.000Z for typo fixes only, with no substantive change indicated in the supplied material.