PatchSiren cyber security CVE debrief
CVE-2025-31360 Growatt CVE debrief
CVE-2025-31360 is a Growatt cloud portal vulnerability affecting versions up to 3.6.0. According to CISA’s advisory, an unauthenticated attacker can trigger device actions associated with specific scenes for arbitrary users. Growatt reports the cloud-based vulnerabilities were patched, and updates are automatic.
- Vendor: Growatt
- Product: Cloud portal
- CVSS: MEDIUM 6.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-04-15
- Original CVE updated: 2025-05-06
- Advisory published: 2025-04-15
- Advisory updated: 2025-05-06
Who should care
Owners and operators of Growatt cloud portal deployments, plus installers and administrators responsible for connected devices and user accounts. Even though the vendor states the cloud issues were patched automatically, organizations should still verify account security settings and monitor for unexpected device behavior.
Technical summary
CISA’s advisory describes an unauthenticated network-reachable issue where attackers can trigger device actions tied to specific scenes belonging to arbitrary users. The supplied CVSS v3.1 vector is AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L, which indicates no confidentiality impact but low integrity and availability impact. The affected product listed in the CSAF is Growatt cloud portal <=3.6.0.
Defensive priority
Medium. The vendor states the cloud vulnerabilities were patched and no user action is needed for the patch itself, but account hardening, monitoring, and review of device activity remain prudent.
Recommended defensive actions
- Confirm exposure of Growatt cloud portal accounts and devices covered by the advisory ICSA-25-105-04.
- Ensure devices and associated cloud services are on the latest available firmware/version; Growatt states updates are automatic.
- Use strong passwords and enable multi-factor authentication where applicable.
- Review security settings regularly and investigate any unusual device or scene activity.
- Report security concerns to [email protected].
- Follow CISA industrial control system recommended practices for account, device, and network hardening.
Evidence notes
The source advisory (CISA CSAF ICSA-25-105-04) identifies Growatt cloud portal <=3.6.0 as affected and states: "Unauthenticated attackers can trigger device actions associated with specific 'scenes' of arbitrary users." The advisory was initially published on 2025-04-15 and revised on 2025-05-06 for typos only. The remediation section says Growatt patched the cloud-based vulnerabilities and that updates are automatic, while also recommending strong passwords, MFA where applicable, and vigilance for unusual activity.
Official resources
- CVE-2025-31360 CVE record (CVE.org)
- CVE-2025-31360 NVD detail (NVD)
- Source item URL: cisa_csaf
Published by CISA on 2025-04-15T06:00:00.000Z; revised on 2025-05-06T06:00:00.000Z for typo fixes. The supplied advisory material indicates the issue was patched by the vendor.